REST API: security

If your project has a login page, REST API access also requires security credentials. The REST API supports HTTP Basic authorization and authorization via API key.

[Screenshot: rest_api_security]

If you connect to the REST API without security credentials, or with incorrect credentials, you will receive an error message like this:

{
error: "Access denied",
success: false
}

 

HTTP Basic Authorization

An example of authenticating the user with username admin and password pass1:

curl --user admin:pass1 "http://localhost:8086/api/v1?table=customers&action=list"

API Key Authorization

An example of authenticating the user with API key dsagdsew45234etw435:

curl -H "X-Auth-Token: dsagdsew45234etw435" "http://localhost:8086/api/v1?table=customers&action=list"  

 

This is how the API key setup looks in the database and in the project itself:

[Screenshot: rest_api_apikey]
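
The two schemes above seen from the client side, as an added example that is not part of ASPRunner.NET or its documentation: it builds the same requests as the curl commands, refuses to attach credentials to a plain-HTTP URL unless the host is loopback, and turns a failed reply into an exception. The function names are hypothetical, and it assumes the reply arrives as standard JSON with a boolean success field.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def build_request(base_url, table, action, *, user=None, password=None, api_key=None):
    """Return (url, headers) for a REST API call using one of the two schemes."""
    parts = urlsplit(base_url)
    # Basic credentials are only base64-encoded and the API key is sent as-is,
    # so anyone on the network path can read them over plain HTTP. Allow
    # http:// only for a loopback test server such as localhost:8086.
    if parts.scheme != "https" and parts.hostname not in LOOPBACK_HOSTS:
        raise ValueError("refusing to send credentials over plain HTTP")
    if api_key is not None:
        headers = {"X-Auth-Token": api_key}
    elif user is not None and password is not None:
        token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
        headers = {"Authorization": "Basic " + token}
    else:
        raise ValueError("no credentials supplied")
    url = base_url + "?" + urlencode({"table": table, "action": action})
    return url, headers


def check_reply(body):
    """Parse a reply body; raise PermissionError if the API reports failure."""
    reply = json.loads(body)
    # Assumption: every reply is a JSON object carrying a boolean "success".
    if not isinstance(reply, dict) or reply.get("success") is not True:
        error = reply.get("error", "request failed") if isinstance(reply, dict) else "unexpected reply"
        raise PermissionError(error)
    return reply


if __name__ == "__main__":
    # Values from the curl examples above; the denied body is a constructed JSON form.
    print(build_request("http://localhost:8086/api/v1", "customers", "list",
                        user="admin", password="pass1"))
    print(build_request("http://localhost:8086/api/v1", "customers", "list",
                        api_key="dsagdsew45234etw435"))
    denied = '{"error": "Access denied", "success": false}'
    try:
        check_reply(denied)
    except PermissionError as exc:
        print("rejected:", exc)
```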

Advanced Security

If you use an Advanced Security option such as "Users can see and edit their own data only" in your project, the same security settings are automatically applied to REST API calls as well.

Events

 

The following security-related events are fired when the application is accessed via the REST API. You can use them to prevent certain users from accessing your app via the REST API or to log some actions.

BeforeLogin
AfterSuccessfulLogin
AfterUnsuccessfulLogin

When your project provides access via the REST API, you need to be more careful when writing event code. For instance, adding the following code to the AfterSuccessfulLogin event will break REST API execution, since it redirects and terminates the request immediately after login:

MVCFunctions.HeaderRedirect("customers", "list");
MVCFunctions.Exit();

 

 

In this case, you can use the inRestApi() function to redirect only users who logged in manually:

if (!CommonFunctions.inRestApi()) {
  MVCFunctions.HeaderRedirect("customers", "list");
  MVCFunctions.Exit();
}