Connecting to Web Service Rest API that need to sign in and cookie authentication

I’m trying to connect to a remote Rest API that requires to call a sign in URL first, Can someone tell me if this is doable with Dreamfactory and how?

/api/signin
post:
parameters:
-name: email
-name: password

this returns a cookie JSESSIONID which is used in subsequent API calls.

How do I set up this as a service on Dreamfactory?

Is this actually a cookie (as in a information stored in the browser session) or do you just need the data from the cookie to make more api calls?

If the latter, then it’s possible, but very custom. Here’s are 3 ideas:

  1. Create a pre-process script on each of your api’s endpoints that first logs in to api/signin and then inserts the cookie data into the request of of the originating api call.
  2. Create a custom script service that takes as parameters or in the payload all of the required information for both authenticating with the api and making further api calls. Then in the script just make 2 api calls.
  3. Put the logic on the client-side. Have your client application call the signin api first and then make subsequent api calls.
1 Like

Thanks, @drewpearce

It’s a cookie that the login endpoint returns. Remote endpoint expects this cookie in future calls so that it knows it’s from the same session. From your answers sounds like I need to set it up so each remote call will be individually authenticated. That just seems very inefficient. Kind of surprised that DFS don’t have an easier way to handle this. Don’t most public REST endpoints need some kind of authentication?

I get the feeling that DFS is not built to conveniently handle REST endpoints that require authentication. Is this misunderstanding from my part or is it’s not a normal use case for DFS?

May just be misunderstand here. For remote HTTP services, DreamFactory supports any authentication mechanisms that can be passed through curl options, headers, or parameters.

Many simple APIs support simple API key auth, or authenticating per call. If your remote API uses reusable sessions, you wouldn’t necessarily have to reauthenticate on each call, but you would need to build some logic in either a script of your client application to get a session and store that information in a place where it can be reused. One possibility would be to put it in a user lookup in DF. Then in the service configuration, you could put the user lookup key in the header or parameter that sends the session information.

1 Like

Sorry for intruding this thread, but did you figured it out? As @drewpearce said - For remote HTTP services, DreamFactory supports any authentication mechanisms that can be passed through curl options, headers, or parameters. - were you able to send authorization headers correctly via dsp?

I’m using dreamfactory 2.3.1 and stuck in a similar issue. See here.

1 Like