Switching from basic authentication to token-based authentication for REST services

1
I built a REST-based API in Mendix that works with basic authentication (username + password) and want to switch to a token-based authentication mechanism instead of having to send the username/password as part of every API request. Can someone please guide me to an example/post/tutorial where I can read about this, and help myself?
asked
3 answers
1

Dear Sid,

Would this help you? https://docs.mendix.com/refguide/call-rest-action#3-http-headers

Cheers, Andries

answered
1

Hi Sid,

In the REST services you could select `Custom` authentication:

https://docs.mendix.com/refguide/published-rest-authentication-parameter

 

The headers are available in the custom flow, so you can do all kinds of things you probably need.

Alternatively, you set it to no authentication and implement something inside the exposed microflow, as this can also access header information.

Please let me know if this works for you too.

Cheers, 

Andries

answered
1

Hi Sid,

As explained by Andries, you can use custom authentication in your published REST API.

If you want to use tokens as authentication/authorisation, you need a token server. Do you want to use an external token server, like Azure or Google? Then you need to build logic to verify the token, either by a REST call to the identity provider or by verifying the token yourself and checking the certificate. Don't forget to implement authorisation, for example using the claims in a token.

Or do you want to generate your own tokens? Most used are JWT (JSON Web Tokens). You could take a look at the JWT-module in the appstore to build this functionality. This module can also help to locally verify tokens, like the website jwt.io shows.

Good luck and let us know what you did!

answered
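
The local verification and claim-based authorisation described in the last answer, as an added example in Python (not part of any answer, and not Mendix or JWT-module code): a self-issued HS256 token replaces the username/password on each request. The names `issue_token`, `authorize`, the `roles` claim and the secret are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed sample key; load from a secret store in practice

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub, roles, ttl=300, now=None):
    """Issue a short-lived token after one successful username/password login."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "roles": roles, "iat": now, "exp": now + ttl}
    body = f"{header}.{b64e(json.dumps(claims).encode())}"
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64e(sig)}"

def authorize(auth_header, required_role, now=None):
    """Return the claims if the bearer token is valid and carries the role, else None."""
    now = int(time.time() if now is None else now)
    scheme, _, token = (auth_header or "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    try:
        h, p, s = token.split(".")
        # Pin the algorithm server-side; never let the token pick it (rejects "none").
        if json.loads(b64d(h)).get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(s)):  # constant-time comparison
            return None
        claims = json.loads(b64d(p))
        exp, roles = claims.get("exp"), claims.get("roles", [])
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON
    if not isinstance(exp, int) or exp <= now:
        return None  # authentication: expired or missing expiry
    if not isinstance(roles, list) or required_role not in roles:
        return None  # authorisation: claim does not grant this operation
    return claims
```

Tokens from an external identity provider are normally signed with an asymmetric key, so the signature step there checks against the provider's published public key rather than a shared secret; the algorithm pinning, expiry and claim checks stay the same.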