Hi,

Direct Windows Authentication (NTLM / Kerberos) from Mendix to a local API is not supported natively by Mendix REST calls. Mendix runtime uses Java HTTP clients and they do not automatically negotiate Windows Integrated Authentication like .NET applications do.

Because of that, the typical Mendix-supported approaches are the following:

1. Use an intermediate service (recommended)

Expose the Windows-authenticated API through a small middleware layer (for example IIS, .NET API, or API Gateway).

That service handles Windows Authentication internally and exposes a new endpoint that Mendix can call using Basic Auth, API Key, or OAuth/JWT.

Mendix then simply calls this endpoint using the standard Call REST service action.

2. Convert authentication to token-based access

If possible, modify the local API so that it provides a token-based authentication endpoint.

Typical flow:

• Mendix calls /login endpoint
• API validates Windows credentials internally
• API returns JWT / access token
• Mendix sends the token in the Authorization header for all subsequent requests

This is the most common enterprise integration pattern used with Mendix.

3. Custom Java action for NTLM (advanced option)

If Windows authentication cannot be changed, you can implement a custom Java action using Apache HttpClient with NTLM support.

However this requires additional libraries and configuration and is usually avoided unless the API cannot be modified.

• Mendix cannot directly perform Windows Integrated Authentication in standard REST calls.
• The recommended Mendix architecture is to introduce a middleware layer or switch to token/API-key authentication.
• A custom Java implementation with NTLM libraries is possible but not typically the preferred approach.