# Log in by more secure method

Login method of previous term is very simple and easy to use.
However in some cases, users need to log in by more secure method.
The following description shows a login method by using encryption method.

# 1) Get the One-Time Password

Please issue POST request for the following URL from third party's software, and please get the one-time password.
SonicDICOM PACS will create the secret key and the public key when the one-time password is generated, and SonicDICOM PACS will respond public key as the one-time password.

URL: /viewer/api/otp/

# 2) Encrypt ID and Password

Please encrypt ID and Password with RSA method on third party's software side by using the one-time password that is got from SonicDICOM PACS.

Example for before encrypting character string: id=admin&password=password  
Example for after encrypting character string: encryptedstring  

# 3) Log in by using the encrypted character string

Please change the parameter of URL as the following, and please execute a login.

Example of URL: /viewer/#/list?code=encryptedstring

Once SonicDICOM PACS receives such a request, it will decrypt the encrypted character string by using the secret key that is created when the one-time password is generated.
And then it will execute a login process inside of software.
If it succeeded a login, it responds HTTP code 200. And if it failed, it responds 401.
The one-time password will be deleted automatically if it is used once or if it spends a certain time after its generation.