Thembelani Mlalazi · Sep 28

How to secure a REST API

I am trying to secure a rest service but I lack the understanding of how to achieve this if anyone will explain  in details how I could achieve the following:

Securing The REST Service with Basic Auth (username and password)

if any one has a sample code on this will appreciate 

Product version: Caché 2018.1
$ZV: Cache for Windows (x86-64) 2018.1.4 (Build 505_1U) Thu May 28 2020 10:01:40 EDT [HealthShare Modules:Core:15.032.9035 + Linkage Engine:15.032.9035]
0 141
Discussion (2)1
Log in or sign up to continue

Hi Thembelani,

If I'm understanding your question right, I think you just need to change the settings on the IRIS web application for your REST service, modifying the allowed authentication methods so "password" is enabled.

In the management portal, go to System Administration, Security, Applications, Web Applications and find your application. Under security settings, disable Unauthenticated, and enable Password.

Then, when you send your requests, you need to include a base 64 encoded basic authentication header with the username and password, or on the end of the URL include ?CacheUserName=username&CachePassword=password. Keep in mind, though, that if you aren't using HTTPS, you could end up transmitting a username and password in plain text or in a very easily decrypted way.

If you want only specific users to be able to access the API, consider creating a new Resource then setting that resource as the Resource Required in the security settings, then only giving that resource to people who need to access the API.