Skip to Content
Author's profile photo Bharath B N

Session Management in BI Platform REST SDK (RWS)

This blog describes session management in BOE 4.2 BI Platform REST SDK.


RWS APIs to get x-SAP-LogonToken:

Sl. No.
Http Methods
Query Parameters
Logon using username and password
http://host:<port>/biprws/vx/logon/long GET, POST N.A
Logon with token/serialized Seeeion
 http://host:<port>/biprws/vx/logon/token  GET, POST  N.A
Logon with adsso
http://host:<port>/biprws/vx/logon/adsso   GET clienttype
Logon trusted
http://host:<port>/biprws/vx/logon/trusted   GET  X-SAP-TRUSTED-USER, clienttype
Logon trusted x509
http://host:<port>/biprws/vx/logon/trustedx509 GET clienttype
Logoff (token must be in Header)


 BOE Version 4.2
host IP Address / Name of the of the server
port Port number (WACS)
x-sap-logontoken (Header)

Header key with value is Token.

For All API this header is must (not for Logon APIs).

 vx v1
x-sap-pvl (Header) us-en
Accept Applicaiton/JSON OR Application/XML
Content-Type  Application/JSON OR Application/XML

Must send the token to all RWS APIs in header “x-SAP-LogonToken”.

Till 4.2 SP03 logon REST APIs creates light weight “Enterprise Session” so that session count in “CMC->Sessions” not increasing. But when we use this same token to Web Intelligence REST APIs count will increase by 1 in “CMC->Sessions”.


Session management Issue:

Session created by RESTful web service (logon/long) doesn’t vanishes from CMC – Sessions tab after timeout (Issue reproducible only if user hits any raylight (Web Intelligence REST APIs))

Fixed : 4.2 SP02

Note :2359123 – RESTful logon token timeout doesn’t work accordingly

Change in Session type:

Session type Changed to Enterprise Session from the release 4.2 SP04 and onwards.

So that if user use any APIs mentioned in table , immediately session count will increase for the user in “CMC->Sessions” page.

Enterprise Session Token timeout default : 60 min.

Maximum timeout : 1440 min (24 Hrs).

Administrator can set this value in “CMC->Servers->WebApplicationContainerServer-> Right click on this server ->Properties->EnterpriseSession Timeout”.

http session timeout will not be applicable to Enterprise Sesison created using REST APIs.


Get LogonToken Workflow:

Method : POST Data Format: JSON

Method : POST Data Format: XML

Note: In XML format data will be xml encoded please decode the data if user is going to use in any other data format like in Headers or JSON Format.



Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Mohit Kanoria
      Mohit Kanoria

      Hi Bharath,

      Thanks for the nice blog its very well explained.

      One thing, Where i can change session timeout value for rest SDK ?




      Author's profile photo Bharath B N
      Bharath B N
      Blog Post Author

      Login to CMC (http://<hsot> : <port>/BOE/CMC)

      Servers -> Web Application Container Server -> right click and select Properties

      And change the value for “Enterprise Session Timeout”:

      Author's profile photo Sri Harsha Akkineni
      Sri Harsha Akkineni

      Hi Bharath,

      Can i change the default URL for restful webservices and use DNS name as URL like htttp://

      Author's profile photo Bharath B N
      Bharath B N
      Blog Post Author

      biprws is deployed on Web Application Container Server.

      http://<host> you can use DNS name for this like any other web servers.

      Port number default : 6405 (can change)

      More About WACS :


      Author's profile photo Sri Harsha Akkineni
      Sri Harsha Akkineni

      I tried changing in WACS properties but it failed. It would either fail to restart the server or if I select to use the configure template it resets back to original state. Am i doing something wrong here?

      Author's profile photo Bharath B N
      Bharath B N
      Blog Post Author

      are you using IP address in the place of <host>?

      In properties you can change only port number for this service.

      once you changed here please update same in CMC->Applications->RestFul WebServices.


      Configuring RESTful web services:


      WACS and your IT environment:


      Configuring the reverse proxy :


      IP Addresses, Host Names, and Domain Names: 


      Author's profile photo Mynarik Pavel
      Mynarik Pavel

      Hi Bharath,


      I got following response for the initial GET request:

      <attrs xmlns="">
        <attr name="password" type="string" /> 
        <attr name="clientType" type="string" /> 
        <attr name="auth" type="string" possibilities="secEnterprise,secLDAP,secWinAD,secSAPR3">secEnterprise</attr> 
        <attr name="userName" type="string" /> 

      Based on the response I did sent POST request but I'm getting the following error:

          <error_code>RWS 000079</error_code>
          <message>Enter a valid input (RWS 000079)</message>

      I checked that my user is in the Administrator group and the user itself and password are correct. I'm also able to log in via standard logon.


      What I do not know is, where I can see the client type?

      Can you please help?


      Thank you very much!


      Author's profile photo Bharath B N
      Bharath B N
      Blog Post Author

      check request Headers:

      content-type  = application/xml

      accept = application/xml



      *****/biprws/v1/logon/long API.



      Author's profile photo Bharath B N
      Bharath B N
      Blog Post Author

      Author's profile photo Shuai Wang(Max)
      Shuai Wang(Max)

      HI Bharath,


      Thanks a lot for the document. It is very helpful.

      I have a problem, we are trying to use the API to read the folder users security.

      I tried to look through the RESTFul API document but I cannot find it.

      Do you know how to do it?



      Author's profile photo Bharath B N
      Bharath B N
      Blog Post Author

      REST API is not available for this case. Need to get this using Java SDK