Session info for authentication


#1

hello,

Can someone explain why in a product supporting REST APIs we need to set session ids? The only way to avoid this is to create a guest access? Does this really make sense? Please tell me how to use Dreamfactory without session tokens.

regards


#2

Session tokens are a must if you are authenticating a user.
If you don’t want to use session tokens, you need to create an API key( Lets call it publicaccesskey ) and assign a default role to it which gives access to all the services ( like tables ) you want it to access. This way by only using API key ( no session ) you can achieve what you want.