https://community.appian.com/discussions/f/integrations/19851/call-web-api-using-session-based-authenticationHi, In my project Appian forms are embedded into web application, so SSO is configured and working embedding is success. One more requirement is calling Appian forms from same web page, right now using API key authentication which is working fineen-USTelligent Community 12https://community.appian.com/thread/84072?ContentTypeID=1Tue, 27 Jul 2021 11:17:37 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:dd44f962-229f-484f-bc0b-afe5758134d5Mahesh Bandi<p>It is working now. While using session-based authentication, we need to include the below script tag on the web page then Session ID will be created. If this web application is hosted on the same origin then Appian Web API uses the same session ID(implicitly included in headers) that was created while SSO authentication. In the case of cross-origin, due to security <span>reasons</span> by default Web browsers don&#39;t pass headers to WEB API, so we need to pass headers explicitly if it is allowed in the web application(but not recommended due to security reasons).&nbsp;</p> <p>In our case we are not allowed to pass headers explicitly, so we have used API key Authentication on cross-origin and Session-based authentication on the same origin.&nbsp;</p> <p><strong>&lt;script src=&quot;<a href="https://dev.internal.intient.com/appian/tempo/ui/sail-client/embeddedBootstrap.nocache.js">&quot;&gt;dev.internal.intient.com/.../embeddedBootstrap.nocache.js&quot;</a> id=&quot;appianEmbedded&quot; data-signin =&quot;OKTA&quot; data-themeidentifier=&quot;my-project-theme&quot;&gt;&lt;/script&gt;</strong></p> <p><strong>&nbsp;</strong></p><div style="clear:both;"></div>https://community.appian.com/thread/84071?ContentTypeID=1Tue, 27 Jul 2021 10:46:28 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:218c7c2d-d02f-4d46-a71e-227d13230587Mahesh Bandi<p>Hi,</p> <p>In my project Appian forms need to embed into a web application, so SSO is configured and able to embed Appian forms into web application successfully.&nbsp;</p> <p>One more requirement is calling Appian&nbsp;WEB API&nbsp;from the same web page, right now using API key authentication which is working fine, but planning to change this authentication to&nbsp;Session-Based Authentication.&nbsp;</p> <p>I have&nbsp;looked at the Appian doc for this,&nbsp;<a href="https://docs.appian.com/suite/help/19.4/Web_API_Authentication.html#session-based-authentication">https://docs.appian.com/suite/help/19.4/Web_API_Authentication.html#session-based-authentication</a>, But couldn&#39;t get what parameters need to pass for<span>&nbsp;</span><span>Session-Based&nbsp;</span>authentication.&nbsp;</p> <p>Also looked at the embedded interfaces doc&nbsp;<a href="https://docs.appian.com/suite/help/20.3/Embedded_Interfaces.html">https://docs.appian.com/suite/help/20.3/Embedded_Interfaces.html</a>&nbsp;and referred the &quot;Integrated jQuery Example&quot; section there I saw invoking&nbsp;<span>servlet plug-in using&nbsp;Session-Based Authentication, same configuration properties I have tried while calling WEB API but didn&#39;t work. I have tried the below properties in request headers while calling Appian WEB API.</span></p> <div> <div><span>&#39;Content-Type&#39;</span><span>:</span><span>&nbsp;</span><span>&#39;application/json&#39;</span><span>,</span></div> <div><span>&#39;xhrFields&#39;</span><span>:</span><span>&nbsp;{</span></div> <div><span>&nbsp; &nbsp;</span><span>&#39;withCredentials&#39;</span><span>:</span><span>&nbsp;</span><span>true</span></div> <div><span>}</span></div> </div> <p><span></span></p> <p><span>Could you help on this to call WEB API successfully from a web page using&nbsp;Session-Based Authentication?</span></p> <p><span></span></p> <p>Regards,<br />Mahesh</p><div style="clear:both;"></div>