VIEWER DOCS

Authentication

The STIG Viewer API uses Bearer Token authentication via SAMS (Security Access Management System).

SAMS Token

Download endpoint requires a valid SAMS token in the Authorization header. Listing endpoint does NOT require authentication (public metadata).

Header Format

Authorization: Bearer ss_token_app_...

Token Format: ss_token_[applicationId]_[24-byte-hex] Example: ss_token_app_wordpress_a1b2c3d4e5f6...

How to Get a Token

  1. Visit SAMS
  2. Request API access for STIG Viewer
  3. Administrator approves your request
  4. Receive your unique access token
  5. Use token in all API requests

Common Issues

Issue: "Missing or invalid Authorization header" Solution: Ensure header format is Authorization: Bearer YOUR_TOKEN

Issue: "Invalid or expired token" Solution: Token may be expired - obtain new token from SAMS

Issue: "Subscription is not active" Solution: Your SAMS subscription is inactive - contact SAMS administrator

Was this page helpful?