Basic HTTP Authentication


#1

Hi there. I have successfully created my API and do not allow guest access, so in other words my users need to authenticate in order to use the API.

I can view records using basic HTTP authentication without a glitch pointing to url/rest/servicename/tablename, but I would like to know how do you go about returning a session_id calling url/rest/user/session in order to generate a session token? It keeps returning code 401 - There is no valid session for the current request, even though I know the credentials are fine because I can return records from my table.

I am using the cloud service at this point to test. Also, Lee Hicks mentioned here Basic authentication calls that you need to add a header named “Authorization” to your remote web service config in the Services section of the DSP admin console and check the box ‘Pass from client.’ so that the header value sent to the remote web service will be taken from the incoming request from the client, but I cannot find it under the Services tab in the DSP admin console.

Thank you


#2

HTTP Basic auth doesn’t instantiate a session, it authenticates again with every call by passing the Authorization header with every call. So you’ll never get a session_id back using Basic auth.

To instantiate a session, POST your user’s email and password to /rest/user/session and you will receive a session_id back. This is covered in the docs here.

If I’ve missed your use case, please explain further.