| The one-time authentication key is a temporary key generated by Thinfinity® VirtualUI™ for FireMonkey® Server, intended to protect the actual username and password. Both key and password are temporary data and they will be only valid for a single connection and limited period of time.   How it works:   1. First you need to ask Thinfinity® VirtualUI™ for FireMonkey® Server to generate the key and password for you. Call the server following this URL format:   
| http(s)://ThinfinityVirtualUIforFireMonkeyServer:Port/ws/oturl/get?<queryString> |   2. The queryString should be built with all parameters listed below:   
| username= <username> &password= <password> &plen= <passlen> &expires= <expires> |   Find on the table below a description for each required parameter.   
| Parameter | Description |  
| username | This is the username to be authenticated on Thinfinity® VirtualUI™ for FireMonkey® Server. |  
| password | The password of the user to be authenticated. |  
| plen | This parameter carries the returned unique password length. |  
| expires | Through this parameter you can set an expiration (in minutes) for the key-password pair. 'Expires = 30 means' that the pair won't work anymore after 30 minutes have passed from the pair generation. |   3. If Thinfinity® VirtualUI™ for FireMonkey® gets to authenticate with the sent parameters, it will return a JSON object containing the One-Time key/password pair.   
| Parameter | Description |  
| valid | Use this result to know whether the authentication was successful (username and password were valid). |  
| key | This is the one-time key to be used for the client side authentication. |  
| pass | This is the password to be used for the client side authentication. |   4. If the authentication was successful, write on the end HTML file the generated key and password information, so that they can be used for the client-side key/password Validation.   JavaScript example:   This is a JavaScript example. The actual GetOneTimeKey method should be translated to the Server side programming language and only invoked there to avoid username/password exposure on the client side.   
| function GetOneTimeKey(username,password) {     var otkey =  getOneTimeKey(username, password);     if (!otkey.valid) {       alert('Invalid username/password');     }     return otkey;  }   function getOneTimeKey (username, password, passlen, expires) {     var returl = '';     if (!passlen) passlen = 8;     if (!expires) expires = 30;     $.ajax({         url: 'http(s)://ThinfinityVirtualUIforFireMonkeyServer:port' + '/ws/oturl/get?username=' + username + '&password=' + password + '&plen=' + passlen + '&expires=' + expires,         async: false,         dataType: 'html',         statusCode: {             200: function (data) {                 returl = eval('('+data+')');             }         }     });     return returl; } |   |