PatronAPI: Authentication Process & Customizing Settings

Print Friendly and PDF Follow

If you are using Innovative Interfaces as your LIS/OPAC and have purchased their PatronAPI module, you can setup Aeon to authenticate users against that PatronAPI server for registration and login. API Authentication can be set up to auto-clear those customers who match entries in the PatronAPI server or to restrict access for both registration and login to the system to only those customers that meet all PatronAPI authentication criteria. Patrons must still register as First Time Users on the web; the PatronAPI authenticating field is usually the Social Security Number or ID Number but in rare cases could also be the Username. Because most PatronAPI servers restrict access by ip address, you will most likely need to add your Aeon web server to the list of ip addresses allowed to query the PatronAPI server.

PatronAPI Setup

For PatronAPI authentication, the WebAuthType key in the Customization Manager should be set to PatronAPI. Because customers choose their own passwords during registration, they can use the password reset feature as well.

Customizing your PatronAPI Settings

The PatronAPI settings are located in the Customization Manager under Web Interface | Innopac. The WebAuthType key is located under Web Interface | Authentication.

InnopacPatronAPIAddress The URL (including port number) for the PatronAPI server. (default is
InnopacPatronAPIAutoClear Determines if new users are automatically cleared when validated through Innopac PatronAPI logon.
InnopacPatronAPIExclusive This determines if PatronAPI is used to auto-clear users or restrict access to only those who pass all criteria in the PatronAPI server. Details on this are below.
InnopacPatronAPIExpireDate Only used if PatronAPI is exclusive. This determines if Aeon should check the user's expiration date in PatronAPI.
Only used if PatronAPI is exclusive and ExpireDate is set to Yes. Determines the format of the expiration date in PatronAPI.
Only used if PatronAPI is exclusive and ExpireDate is set to Yes. This is a rarely changed field, but allows you to customize what format the date may appear in within PatronAPI. May be overridden by InnopacPatronAPIExpireDateFormat.
InnopacPatronAPIField The field from the Users table to use for searching PatronAPI. While it can technically be any field in Users, most sites use SSN, Number or Username.
Only used if PatronAPI is exclusive. This is a rarely changed field, but allows you to customize what format the fines may appear in within PatronAPI.
InnopacPatronAPIFineBlock Determines if users should be denied access based off of fines for their patron types.
InnopacPatronAPIFineBlock0 Only used if PatronAPI is exclusive. Aeon determines the maximum amount of fines (in dollars) allowed for each patron type based off of the number value in this customization key. Details on this are below. The 0 can be any number.
Only used if PatronAPI is exclusive. The regular expression in this customization key allows you to determine which patron types are allowed to use Aeon. By default the [0-9]+ says any number value is allowed, but it could be customized to only allow certain numbers.
WebAuthType Tells Aeon to use PatronAPI authentication.

Exclusive versus Non-Exclusive

If PatronAPIExclusive is set to No, Aeon only verifies that the user exists in the PatronAPI server and will auto clear that user, if AutoClearPreregisteredUsers is set to Yes Subsequent logins, do not check the PatronAPI server to validate the user.

If PatronAPIExclusive is set to Yes, customers can only use the system if the value in the field set by InnopacPatronAPIField matches the number used by PatronAPI, the user is not expired, the user's patron type is allowed to use the system, and that patron types fine limit has not been exceeded. These criteria are checked both for registration and subsequent logins to Aeon.

PatronAPIFineBlock Customization Keys

Once you determine which PType numbers are allowed to use Aeon, you need to have a specific PatronAPIFineBlock customization key set for each of those numbers. For example, if you only allow PTypes 20-25 to use Aeon, you would need to have a PatronAPIFineBlock20, PatronAPIFineBlock21, etc. customization key in Aeon. You can add additional customization keys in the Customization Manager under System | Innopac by adding them directly to the Customization table.

Testing Connectivity to the PatronAPI server

To verify that your Aeon web server can connect to the PatronAPI server, you can type a sample PatronAPI address into the web browser on the server. The format would be:

  • (where is your InnopacPatronAPIAddress and 123456789 is a valid PatronAPI number)

If you receive a message like the following, you do not have access from the machine from which you tried to connect: 403 Forbidden. No access permitted from If you receive a response with field names and data from your test patron (as shown in the Innovative User Manual Patron API section headed "Accessing the Patron Data"), you have the appropriate level of access.


If this article didn’t resolve your issue, please contact Atlas Support for assistance:

Contact Support