Web-login token
Web-login token authentication allows a user to access Medallia Web reporting directly from the API-using application without requiring the user to sign-in to Medallia Web reporting. Typically the application requires the user to authenticate with a username and password to access the application. That application might present a graph showing the latest trend of the satisfaction scores. Next to the graph the application presents a hyperlink to Medallia Web reporting to allow the user to perform more in-depth analysis. Because the user already provided username and password, it is unnecessary for the user to provide those credentials one more time for Medallia Web reporting.
This can be solved by generating an auto-login token. The high-level steps are:
- Calculate the MD5 hash of the string "user=username"
- Make a timestamp of the current time in GMT in the format +%Y%m%d%H%M%S
- Create the token "ts=timestamp,hash=hash"
- Triple DES encrypt the token using IV and key generated from the MD5 of the user's password
- Generate a URL like
https://edemo.medallia.com/mainstreet/logonSubmit.do?user=username&token=encrypted_token&alMethod=API