If your project has a login page, REST API access also requires passing security credentials. Our REST API supports HTTP Basic authorization and authorization via API key.
If you try to connect to the REST API without specifying security credentials, or with incorrect credentials, you will receive an error message like this:
{
error: "Access denied",
success: false
}
HTTP Basic Authorization
An example of authenticating the user with username admin and password pass1:
curl --user admin:pass1 "http://localhost:8086/api/v1.asp?table=customers&action=list"
API Key Authorization
An example of authenticating the user with API key dsagdsew45234etw435:
curl -H "X-Auth-Token: dsagdsew45234etw435" "http://localhost:8086/api/v1.asp?table=customers&action=list"
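As an added illustration (not the product's own code), the Python mock below shows what the two curl commands above put on the wire and how a server could validate them. The validation logic, the success response shape and the HTTP 200 status are assumptions; the Basic header is only base64 of username:password, so it is readable by anyone who can see the request unless the connection uses HTTPS.

```python
import base64
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed credentials, copied from the curl examples on this page.
USERS = {"admin": "pass1"}
API_KEYS = {"dsagdsew45234etw435"}

def basic_header(user, password):
    """Header that `curl --user user:password` sends: base64, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

def authorized(headers):
    """Mock server-side check (assumed logic, not the product's code)."""
    if headers.get("X-Auth-Token") in API_KEYS:
        return True
    scheme, _, value = (headers.get("Authorization") or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, password = base64.b64decode(value).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return False
    expected = USERS.get(user)
    # Constant-time comparison; unknown users are rejected outright.
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

def respond(headers):
    """JSON body for a request; the success shape is an assumption."""
    if authorized(headers):
        return {"success": True, "data": []}
    return {"error": "Access denied", "success": False}

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        payload = json.dumps(respond(self.headers)).encode()
        self.send_response(200)  # assumption: the page does not give a status code
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

if __name__ == "__main__":
    # Listens where the page's curl commands point, so they can be replayed.
    HTTPServer(("127.0.0.1", 8086), Handler).serve_forever()
```

Run as a script, the mock answers the two curl commands shown above; a client should check the success field of the body to detect a rejected request.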
Events
The following security-related events are fired when the app is accessed via REST API. You can use them to prohibit certain users from accessing your app via REST API or to log some actions.
When your project provides access via REST API, you need to be more careful when writing event code. For instance, if you add the following code to the AfterSuccessfulLogin event, you will break REST API execution.
Response.Redirect "customers_list.asp"
Response.End
In such a case, you can use the inRestApi() function to redirect only users who logged in manually.
if not bValue(inRestApi()) then
    Response.Redirect "customers_list.asp"
    Response.End
end if