Skip to Content

This blog describes session management in BOE 4.2 BI Platform REST SDK.


RWS APIs to get x-SAP-LogonToken:

Sl. No.
Http Methods
Query Parameters
Logon using username and password
http://host:<port>/biprws/vx/logon/long GET, POST N.A
Logon with token/serialized Seeeion
 http://host:<port>/biprws/vx/logon/token  GET, POST  N.A
Logon with adsso
http://host:<port>/biprws/vx/logon/adsso   GET clienttype
Logon trusted
http://host:<port>/biprws/vx/logon/trusted   GET  X-SAP-TRUSTED-USER, clienttype
Logon trusted x509
http://host:<port>/biprws/vx/logon/trustedx509 GET clienttype
Logoff (token must be in Header)


 BOE Version 4.2
host IP Address / Name of the of the server
port Port number (WACS)
x-sap-logontoken (Header)

Header key with value is Token.

For All API this header is must (not for Logon APIs).

 vx v1
x-sap-pvl (Header) us-en
Accept Applicaiton/JSON OR Application/XML
Content-Type  Application/JSON OR Application/XML

Must send the token to all RWS APIs in header “x-SAP-LogonToken”.

Till 4.2 SP03 logon REST APIs creates light weight “Enterprise Session” so that session count in “CMC->Sessions” not increasing. But when we use this same token to Web Intelligence REST APIs count will increase by 1 in “CMC->Sessions”.


Session management Issue:

Session created by RESTful web service (logon/long) doesn’t vanishes from CMC – Sessions tab after timeout (Issue reproducible only if user hits any raylight (Web Intelligence REST APIs))

Fixed : 4.2 SP02

Note :2359123 – RESTful logon token timeout doesn’t work accordingly

Change in Session type:

Session type Changed to Enterprise Session from the release 4.2 SP04 and onwards.

So that if user use any APIs mentioned in table , immediately session count will increase for the user in “CMC->Sessions” page.

Enterprise Session Token timeout default : 60 min.

Maximum timeout : 1440 min (24 Hrs).

Administrator can set this value in “CMC->Servers->WebApplicationContainerServer-> Right click on this server ->Properties->EnterpriseSession Timeout”.

http session timeout will not be applicable to Enterprise Sesison created using REST APIs.


Get LogonToken Workflow:

Method : POST Data Format: JSON

Method : POST Data Format: XML

Note: In XML format data will be xml encoded please decode the data if user is going to use in any other data format like in Headers or JSON Format.



To report this post you need to login first.


You must be Logged on to comment or reply to a post.


    Hi Bharath,

    Thanks for the nice blog its very well explained.

    One thing, Where i can change session timeout value for rest SDK ?




    1. Bharath B N
      Post author

      Login to CMC (http://<hsot&gt; : <port>/BOE/CMC)

      Servers -> Web Application Container Server -> right click and select Properties

      And change the value for “Enterprise Session Timeout”:

  2. Former Member

    I tried changing in WACS properties but it failed. It would either fail to restart the server or if I select to use the configure template it resets back to original state. Am i doing something wrong here?

    1. Bharath B N
      Post author

      are you using IP address in the place of <host>?

      In properties you can change only port number for this service.

      once you changed here please update same in CMC->Applications->RestFul WebServices.


      Configuring RESTful web services:


      WACS and your IT environment:


      Configuring the reverse proxy :


      IP Addresses, Host Names, and Domain Names: 


  3. Mynarik Pavel

    Hi Bharath,


    I got following response for the initial GET request:

    <attrs xmlns="">
      <attr name="password" type="string" /> 
      <attr name="clientType" type="string" /> 
      <attr name="auth" type="string" possibilities="secEnterprise,secLDAP,secWinAD,secSAPR3">secEnterprise</attr> 
      <attr name="userName" type="string" /> 

    Based on the response I did sent POST request but I’m getting the following error:

        <error_code>RWS 000079</error_code>
        <message>Enter a valid input (RWS 000079)</message>

    I checked that my user is in the Administrator group and the user itself and password are correct. I’m also able to log in via standard logon.


    What I do not know is, where I can see the client type?

    Can you please help?


    Thank you very much!


    1. Bharath B N
      Post author

      check request Headers:

      content-type  = application/xml

      accept = application/xml



      *****/biprws/v1/logon/long API.




Leave a Reply