Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website

Mango 3.5 API session token change


  • After upgrading to Mango 3.5, I discovered that the "MANGO8080" session token, which is documented at https://help.infiniteautomation.com/mango-rest-api-authentication/ is no longer returned in the response.

    Instead, a longer token (something like '2-64cb74e4-2ca3-4ea3-aad4-7c36b813c4fb=node019x9glwhysk0q1wxmehnp0qgl6141.node0') is returned and required for subsequent API requests. I don't see any information about this in the release notes.

    Could you please provide clarity and confirmation regarding this change to the API authentication method?


  • I believe it's this item, as seen here.

    Use GUID as the default session cookie name


  • This was done to decrease the likelihood of having cookie conflicts when proxies are involved, and making sure that SSL secured cookies from one instance don't cause issues if accessing a Mango with the same host but the cookies haven't been cleared. It should function exactly like the old 'MANGO'+PORT cookie. We certainly encourage people to use Token authentication for their external API based tools, at this point (with Basic authentication being a third option).


  • @phildunlap Makes sense. Thanks for the clarification.