Mango 3.5 API session token change
After upgrading to Mango 3.5, I discovered that the "MANGO8080" session token, which is documented at https://help.infiniteautomation.com/mango-rest-api-authentication/ is no longer returned in the response.
Instead, a longer token (something like '2-64cb74e4-2ca3-4ea3-aad4-7c36b813c4fb=node019x9glwhysk0q1wxmehnp0qgl6141.node0') is returned and required for subsequent API requests. I don't see any information about this in the release notes.
Could you please provide clarity and confirmation regarding this change to the API authentication method?
I believe it's this item, as seen here.
Use GUID as the default session cookie name
phildunlap last edited by
This was done to decrease the likelihood of having cookie conflicts when proxies are involved, and making sure that SSL secured cookies from one instance don't cause issues if accessing a Mango with the same host but the cookies haven't been cleared. It should function exactly like the old 'MANGO'+PORT cookie. We certainly encourage people to use Token authentication for their external API based tools, at this point (with Basic authentication being a third option).
@phildunlap Makes sense. Thanks for the clarification.