Configure Basic Authentication for RESTful API Service (Magic xpi 4.14)
To use Basic Authentication with the RESTful API service, you need to follow the steps given below:
-
On the RESTful API Service, set the authentication to Basic.
-
Save the service. On save, it will generate the <Project Name>_<Service Name>_serviceDefinition.xml file under <xpi project>\RESTful API\<ServiceNameFolder>.
-
Open this file in a text editor. Here you can see a securityDefinition element and under this element there will be a basic element.
-
Under this element you can add multiple usernames and passwords for basic authentication.
Add one row for each username, its corresponding password and the user role in the syntax below:
<user username="myusername" password="mypassword" roles="myrole">
Here replace the myusername with your username, mypassword with your password and myrole with your user role.
|
|
The file already contains some examples as XML comments. You can uncomment these rows and res-use them as well.
|
-
Magic xpi supports path level security which is in compliance with Open API specification. To assign security or role to each path, go to each endpoint element and assign the appropriate role to the path in the format given below:
<security roles="myroles">
If no role is assigned, then the API can be accessed without any authentication.
|
|
Each path already contains security role added as XML comment. You can uncomment and res-use it.
|
If you now try to access the service without appropriate role, then you will see 403 Forbidden header in the response.
-
Copy this file to the rest-services folder of your Web Server.
|
|
Once copied to the Web Server any changes done to this file are dynamic. No Web Server restart is required for the updated changes to reflect. If you are using any client like Postman, you might have to clear the session cookies in case you don’t see the desired results.
|
