...

This is the recommended solution because it nevers send any passwords or ticket secrets to over the wire and once a signed request has been used its no longed valid i.e. each signed URL can only be used once and is only valid for 10 minutes from creation/signing (based on the timestamp parameter in combination with the Meridix server time in UTC).

If you need to link a user from ex. a portal site the rendered link must be signed a maximum of 10 minutes before its clicked otherwise the Meridix authentication will respond with a 401 Not authorized http response since the signature has been deprecated.

...

Basic - Not recommended (

...

insecure)

...

The easist way to login a user from an external system is to make a request against https://_meridixurl_/SSO?u=_username_&p=_password_
Where _meridixurl_ is the URL to your Meridix installation, _username_ is the username/email of the user you want to login and _password_ is the Meridix password of the user.

...