Authentication method for external utilities interacting with Mendix

0
Hi, we have a utility sitting in the remote Windows system which will push data files in the Mendix App. We have published a POST API in Mendix for handling the files. In the app we are using the encryption module to save the integration password. This encrypted password would be used in the utility to call the REST API, where it will be decrypted and compared against the stored integration password. Please suggest/comment on the approach of authentication, as it's not the Mendix user we are authenticating. Regards, Sandeep
asked
2 answers
0

Just to make sure: you want to authenticate a user on an API which is not Mendix?

answered
0

If you expose an API, the easiest authentication method is basic authentication (i.e. username and password). You do this by creating a user (or account) in Mendix with the correct roles. This account is meant for the application which you want to have access to your system, so even though it is not a person, it is still an account. You let the other system send a basic authentication header with the username and password.

The disadvantage of your approach is that you need to create authentication yourself: the API is anonymous, and you verify the header yourself. This is more work, not standard and therefore less secure than using the out of the box available username and password authentication method provided by Mendix.

answered
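
The client side of the basic-authentication approach from the second answer, as an added example that is not code from either poster or from Mendix: the utility builds the `Authorization` header per RFC 7617 and refuses to send it over anything but HTTPS, since Base64 is only an encoding. The endpoint URL, the environment variable names and the content type are assumptions; the credentials belong to the dedicated integration account the answer describes.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization header value per RFC 7617."""
    if ":" in username:
        # The first colon separates user-id from password, so the user-id cannot contain one.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_upload_request(url: str, username: str, password: str,
                         payload: bytes) -> urllib.request.Request:
    """Prepare the POST that pushes one data file to the published REST service."""
    if urlsplit(url).scheme != "https":
        # Base64 is not encryption: without TLS the password is readable on the wire.
        raise ValueError("refusing to send Basic credentials over a non-HTTPS URL")
    return urllib.request.Request(
        url,
        data=payload,
        method="POST",
        headers={
            "Authorization": basic_auth_header(username, password),
            "Content-Type": "application/octet-stream",  # assumed payload type
        },
    )


if __name__ == "__main__":
    # Placeholder endpoint and hypothetical environment variable names (assumptions).
    req = build_upload_request(
        os.environ.get("MX_UPLOAD_URL",
                       "https://myapp.example.invalid/rest/fileupload/v1/files"),
        os.environ["MX_INTEGRATION_USER"],
        os.environ["MX_INTEGRATION_PASSWORD"],
        b"constructed,sample\n1,2\n",  # constructed sample file content
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        print(resp.status)
```

Reading the password from the environment keeps it out of the script itself; on the Windows host it would come from whatever protected store the utility already uses.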