Please enable JavaScript to view this site.

Navigation: Advanced topics > Programming topics > ASPRunnerPro's REST API

REST API: security

Scroll Prev Next More

If your project comes with the login page REST API access will also require passing security credentials in order to get access. Our REST API supports  HTTP Basic authorization and authorization via API key.

 

rest_api_security

 

If you try to connect to REST API without specifying security credentials or specifying incorrect credentials you will receive an error message like this:

 

 

{
error: "Access denied",
success: false
}

 

HTTP Basic Authorization

 

An example of authentication of the user with username admin and password pass1.

 

 

curl --user admin:pass1 "http://localhost:8086/api/v1.asp?table=customers&action=list"

 

API Key Authorization

 

An example of authentication of the user with apikey dsagdsew45234etw435.

 

curl -H "X-Auth-Token: dsagdsew45234etw435" "http://localhost:8086/api/v1.asp?table=customers&action=list"  

 

Events

 

The following security related events will be fired in case of the access via REST API. You can use it to prohibit certain users to access your app via REST API or to log some actions.

 

BeforeLogin
 

AfterSuccessfulLogin

 
AfterUnsuccessfulLogin
 

When your project provides access via REST API you need to be more careful writing events code. For instance, if you add the following code to AfterSuccessfulLogin event you will break the REST API execution.

 

Response.Redirect "customers_list.asp"
Response.End

 

 

In such case you can use inRestApi() function to only redirect users who logged in manually.

 

 

if not bValue(inRestApi()) then
  Response.Redirect "customers_list.asp"
  Response.End
end if