How to allow rest requests only for logged in users

kleinert_robert · August 14, 2014, 12:55pm

Hi guys,
I am new to dreamfactory and am currently developing an app with AngularJS.

I have the following questions:

how / where can I define that REST calls are only possible if the user is logged in?
how can I make LEFT JOINS with the REST API?

Thanks and regards,

Robert

Mark · August 14, 2014, 1:25pm

Robert,

Good questions. To your first, you’ll need to define users/roles within your DSP - this comes with a bit of a learning curve, but the concept is easily implemented once understood.

Please have a look a this documentation on user management:

https://www.dreamfactory.com/features/user-management

As far as your second question, the new release (still pending…) has functionality to support stored procedures. Simply create your JOIN queries within the stored proc and then call this with a REST call.

Please let me know if you have anymore questions.

Thanks,

kleinert_robert · August 14, 2014, 2:12pm

Hi Mark,
thanks for your help.

I just defined a group “Users” which have API Access to my services.

So did I understand correctly, that you have to be logged in to use the api or is it useable without any session id, too? I’m asking due to security.

EDIT: I just called https://dsp-frdgmt.cloud.dreamfactory.com/rest/db?app_name=frdgmt from my browser and its working fine. How can I avoid, that this is working without a valid session_id or token?

Regards,

Robert

Mark · August 14, 2014, 3:11pm

Robert,

Looks like either you haven’t logged in or the you’ve entered a wrong password on your end.

Have a look at this blog:

https://blog.dreamfactory.com/blog/bid/326379/Getting-Started-with-the-DreamFactory-API

As far as being able to access this without logging in, that’s related to guest users being enabled or not. You can give different levels of access to your guest users depending on what you’d like them to access or not. Guest users do not have to login. All of the permissions that you give them are allowed outside of logging into the DSP.

Let me know if you have anymore questions.

Thanks,

Mark

kleinert_robert · August 14, 2014, 9:04pm

Hi Mark,
thanks for the reply. I now defined a role guest user with no access to any service. But I am still getting a valid response when opening https://dsp-frdgmt.cloud.dreamfactory.com/rest/db?app_name=frdgmt

Is it possible to have a quick look at my settings?

I don’t want my REST-API to be open to the public. Only logged in users should use it.

Thanks,

Robert

Jason · August 15, 2014, 11:15am

Can you use a different browser session? It sounds like the request is using your admin session that is still loaded in the browser.

Jason · August 15, 2014, 11:16am

Also. Turn off guest users in the config section.

kleinert_robert · August 21, 2014, 5:54pm

Great thanks. Now it works!

Topic		Replies	Views
Using Service From api_key Authentication & Security	4	2167	March 23, 2015
Guest user setup to access only the Database service Legacy Product authentication , authorization	4	3365	March 23, 2017
Access to database rows Authentication & Security	1	3559	June 4, 2015
Must I be login to access or modify my data? FAQs	9	4205	August 11, 2014
Authentication questions - anonymous and long-life tokens? Authentication & Security	12	3996	July 13, 2014

How to allow rest requests only for logged in users

Related Topics