The HSTS header is missing from the API Service : Support Desk

The HSTS header is missing from the API Service Print

Modified on: Thu, 4 Nov, 2021 at 10:20 AM

The Mi-Token API service is a component that exposes a RESTful web service over the HTTP (port 80)/HTTPS protocol (port 443) providing several methods for managing and validating tokens and OTPs. (One-Time-Passwords) without a graphical user interface.

Although this service can be used to integrate 2FA into your in-house developed solutions, it is primarily utilized by the Mi-Token Credential Provider (enabling 2FA for the Windows Login Screen - see screen capture below) to validate a user's credentials.

Mi-Token Credential Provider Plugin

The service is not installed as an IIS-dependant web service, but as a Windows Server service that dispatches authentication requests over the HTTP and HTTPS protocols, allowing clients to use the service with or without SSL, therefore the HSTS header is not enabled by design.

Mi-Token API Service at the Windows Server services window

Did you find it helpful? Yes No

How can we help you today?

The HSTS header is missing from the API Service Print

Related Articles