Page 1 of 1
Publishing secured Rest API with UserID and Password (RESOLVED)
Posted: Wed Aug 21, 2019 3:34 am
by marcel.heij
I created a server module for a client facing Rest API, but the Session(*REQUIRED) parameter of the Srvroutine doesn't seem to do anything. I can access the srvroutine without a session. What is the way to go for publishing a Rest API secured with a userid and password and persisted fields? Can we use the Lansa generated Sessionkey (and how?). Or should we use always "Sessionkeymethod(Cookie)"? I am stuck at the moment.
Re: Publishing secured Rest API with UserID and Password
Posted: Sat Aug 24, 2019 4:39 am
by Pablo
Hi Marcel,
The session and session key method you are referring to are ignored by the REST Api.
The current implementation of REST - v14SP2 + EPCs - does not include security.
I believe there will soon be an EPC with major enhancements to the current implementation + security and maybe some other features.
I suggest you send this query and other questions you may have to Lansa Support to get a more comprehensive and official answer.
Regards,
Pablo
Re: Publishing secured Rest API with UserID and Password
Posted: Sat Aug 24, 2019 10:41 am
by marcel.heij
Thank you for confirming my findings, but I hoped I was doing something wrong. At the moment I am trying to let my Rest API consume a Lansa Web server module that uses sessions, giving the sessionkey back to the Rest API, which is adding a cookie to the response served to the consumer of my Rest API. Don’t think it’s the best solution, but could do the job I had in mind. Nevertheless I hope this EPC you are mentioning is coming really quickly, because this should really have been in the current release already.