Guest user's authentication

DSP descript that enable guest user to allow access to applications and services without authentication In admin console Config->Guest User,
So I enable the option Allow Guest User and I think I can download files using brower without authentication. Unfortunately, I get a error response , and it seems I need seesionid using /user/session API still.
Am I misunderstand or missing something?

Actually, I just want to download files by brower using service files’s live API without authentication.

No misunderstanding, as far as I know. You should have no problem allowing guest access to a file storage service. Here’s an example.

I will use local file storage. I create a subfolder called images, put a PNG file into /dsp/platform/storage/images and verify it’s present in the Files UI in my DSP admin console:

I then test to verify the image is accessible by retrieving it via API Docs:

That’s my image, so I know we’re good to go. Now I open a separate browser (which will act as the client in this example) and try to get the same image.

This is just as expected, since I don’t have guest access configured to access local storage, and I didn’t login from the other browser. (Note that I already have an API key called “demo” set up, so I’m just using that.)

So now I create a role called “download” that will be allowed to GET local storage files:

And I configure it to have GET access to the images container

And on the Apps sub-tab under the role, I select the app name that corresponds with the API key I’m using, “demo”:

Then I configure Guest Users to drop guests into the role “download”:

Now I try the same call again from the other browser:

And there’s my image.

Let me know what step(s) you’re having difficulty with.

1 Like

I have sloved it following the steps,thanks!


I’m having the same issue with guest user access.

I have followed these steps:

  1. added a new user called Guest User with service database access to ‘todo’ (GET/POST) for API+SCRIPT.
  2. under Config->Guest User checked of ‘allow guest users’ and selected the new role ‘Guest User’ as the guest user role.
  3. added the Guest User as role for the todoquery app (actually did this in the role definition…)
  4. for test purposes I also added CORS access * for all verbs (to ensure Chrome Postman is not rejected)
  5. test http://104.XXX.XX.133:80/rest/db/todo?app_name=todoquery with sessionID returns current todo records.
  6. test http://104…XXX.XX.133:80/rest/db/todo?app_name=todoquery without sessionID returns a (403) “Access to application ‘todoquery’ is not provisioned for this user’s role.”.

Any clues?


Are you sure you’ve created the API key “todoquery”? There is an example app name that’s “todojquery”–maybe a typo?

A post was split to a new topic: Guest users in 2.0