Publishing secured Rest API with UserID and Password (RESOLVED)

This Q&A forum allows users to post and respond to "How Do I Do ....." questions. Please do not use to report (suspected) errors - you must use your regional help desk for this. The information contained in this forum has not been validated by LANSA and, as such, LANSA cannot guarantee the accuracy of the information.
Post Reply
marcel.heij
Posts: 2
Joined: Thu Aug 15, 2019 4:35 pm

Publishing secured Rest API with UserID and Password (RESOLVED)

Post by marcel.heij » Wed Aug 21, 2019 3:34 am

I created a server module for a client facing Rest API, but the Session(*REQUIRED) parameter of the Srvroutine doesn't seem to do anything. I can access the srvroutine without a session. What is the way to go for publishing a Rest API secured with a userid and password and persisted fields? Can we use the Lansa generated Sessionkey (and how?). Or should we use always "Sessionkeymethod(Cookie)"? I am stuck at the moment.

Pablo
Posts: 41
Joined: Wed Dec 02, 2015 10:35 am

Re: Publishing secured Rest API with UserID and Password

Post by Pablo » Sat Aug 24, 2019 4:39 am

Hi Marcel,

The session and session key method you are referring to are ignored by the REST Api.

The current implementation of REST - v14SP2 + EPCs - does not include security.

I believe there will soon be an EPC with major enhancements to the current implementation + security and maybe some other features.

I suggest you send this query and other questions you may have to Lansa Support to get a more comprehensive and official answer.

Regards,
Pablo

marcel.heij
Posts: 2
Joined: Thu Aug 15, 2019 4:35 pm

Re: Publishing secured Rest API with UserID and Password

Post by marcel.heij » Sat Aug 24, 2019 10:41 am

Thank you for confirming my findings, but I hoped I was doing something wrong. At the moment I am trying to let my Rest API consume a Lansa Web server module that uses sessions, giving the sessionkey back to the Rest API, which is adding a cookie to the response served to the consumer of my Rest API. Don’t think it’s the best solution, but could do the job I had in mind. Nevertheless I hope this EPC you are mentioning is coming really quickly, because this should really have been in the current release already.

Post Reply