A typical example of using ADUCID^® Client API includes the following steps:

1. Creating an authentication session in AIM for the requested operation. The redirect URL with identifier authId, and optionally bindingId and/or bindingKey identifiers, is returned. Then sending redirect to provided redirect URL, by which the PEIG authentication handshake is initiated (the AIM-Proxy component can be used for this action).
2. Returning credentials (authId, authKey) back to the application and verifying credentials supplied from PEIG.

When authenticating a user, an authentication session must first be created on the AIM server. This is done by the startAuthenticationSession operation of the AducidAdvancedClient object. It is necessary to provide a return URL as an operation input parameter. The startAuthenticationSession operation returns URL, where to redirect to start PEIG authentication handshake.

If calling of the startAuthenticationSession is successful, no exception is thrown.

If authentication has been finished (for example, when the AIM proxy redirects control back to the application, by using the endpoint defined in the returnUrl value that was set in step 1), credentials can be verified by calling the getResult method of the AducidAdvancedClient object. Remember, authKey value doesn't need to be defined, so make it optional as getResult operation input. The getResult operation returns GetPSLAttributesResponse as an object representing authentication data.

If calling of the getResult is successful, no exception is thrown.

The most important values are UDI as a unique user identifier (GetPSLAttributesResponse.getUserDatabaseIndex()) and authKey as a new authentication key (GetPSLAttributesResponse.getAuthKey()).

See Javadoc SDK Client API to get a list of method you can use now.

Depending on AIM configuration authKey is valid only once (due to security reasons).

To call Client API methods requiring authId and authKey pair on input you have to use GetPSLAttributesResponse.getAuthKey() value instead of the original authKey.