Using Service From api_key


#1

How do I enable a user to use service with api key authentication?
For example,

Endpoint: rest/app/getresources
Headers:
api_key: ‘secret api’


#2

App name is the API key. First authenticate the user with API key in the auth request. Then on subsequent API calls pass API key and session token.

More info here https://github.com/dreamfactorysoftware/dsp-core/wiki/Important-Information


#3

That’s the case if it is required user to login. However, I have an internal app that needs to use the api without actual user log in. Is that possible like having App name as API Key and Secret Key combination for permanent authenticated?


#4

The only way to not authenticate a user is with Guest access. In the Config tab you can enable Guest users and assign a role for Guest users. Keep in mind that whatever you expose to the Guest Role is publicly exposed.

In version 2.0 coming out Q2, DreamFactory will support permanent auth (login persists until explicit log out). You’d still need a single “user” for your app since roles govern API access, but once one-time auth call is made the API would be permanently private.


#5

Looking forward to seeing the feature release in 2.0 in the mean time i set up another domain (api.domain.com) which points to (dsp.domain.com/rest) then authenticate using a permanent key while keeping dsp.domain.com behind firewall.