REST API Request authentication

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

REST API Request authentication

Henry Versemann

I’ve never used the REST API before but was wondering how I would get and encode the value(s) I’ll need to do basic authentication when sending requests to it?

 

I’m assuming that I need to get something like a Key and Secret either from our system or from DotCms themselves, in order to be able to use them for Base64 encoding, in formatting an Authorization header for Basic authentication.

 

So is  there any documentation on how to get this done, or start this process?

 

I’ve just started looking.

 

Thanks for the help.

 

Henry

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700F88811CF451A641BEF6AAD940%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: REST API Request authentication

Mark Pitely
Henry,

For one thing, if you use the backend/EDIT_MODE for your code, you use the logged-in user's credentials by default, so the authentication is handled by the system. That is, the logged in user accessing the piece will only be able to make changes to contentlets and so on they are permissioned to use.
You only need to worry about authentication if you are using a different system to handle the calls to the API, or want to do something outside the normal dotcms user sequence.

Mark Pitely
Marywood University

On Thu, Sep 7, 2017 at 5:41 PM, Henry Versemann <[hidden email]> wrote:

I’ve never used the REST API before but was wondering how I would get and encode the value(s) I’ll need to do basic authentication when sending requests to it?

 

I’m assuming that I need to get something like a Key and Secret either from our system or from DotCms themselves, in order to be able to use them for Base64 encoding, in formatting an Authorization header for Basic authentication.

 

So is  there any documentation on how to get this done, or start this process?

 

I’ve just started looking.

 

Thanks for the help.

 

Henry

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700F88811CF451A641BEF6AAD940%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAFeiKqPmhDgMJibN3q81ysG_Gkqr8GGWT%3DpPRyOJz6EajNkLJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

RE: REST API Request authentication

Nathan Keiter

A “front-end” login will also be natively absorbed, assuming the user has the appropriate roles.

 

Nathan I. Keiter | Lead Network Applications Programmer | Benefits Advisory Council Member | I.D.E.A Council Member
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993

https://www.gettysburg.edu

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Mark Pitely
Sent: Friday, September 08, 2017 10:16 AM
To: [hidden email]
Subject: Re: [dotcms] REST API Request authentication

 

Henry,

For one thing, if you use the backend/EDIT_MODE for your code, you use the logged-in user's credentials by default, so the authentication is handled by the system. That is, the logged in user accessing the piece will only be able to make changes to contentlets and so on they are permissioned to use.

You only need to worry about authentication if you are using a different system to handle the calls to the API, or want to do something outside the normal dotcms user sequence.

 

Mark Pitely

Marywood University

 

On Thu, Sep 7, 2017 at 5:41 PM, Henry Versemann <[hidden email]> wrote:

I’ve never used the REST API before but was wondering how I would get and encode the value(s) I’ll need to do basic authentication when sending requests to it?

 

I’m assuming that I need to get something like a Key and Secret either from our system or from DotCms themselves, in order to be able to use them for Base64 encoding, in formatting an Authorization header for Basic authentication.

 

So is  there any documentation on how to get this done, or start this process?

 

I’ve just started looking.

 

Thanks for the help.

 

Henry

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700F88811CF451A641BEF6AAD940%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

 

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAFeiKqPmhDgMJibN3q81ysG_Gkqr8GGWT%3DpPRyOJz6EajNkLJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/ba772b5edec142bc938f12e12d35d823%40exch13c.ms.gettysburg.edu.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

RE: REST API Request authentication

Henry Versemann
In reply to this post by Mark Pitely

Mark,

 

Unfortunately the overall process will be external to our DOTCMS, but still within a scheduled process, run on a server in our local domain system here.

 

Our DOTCMS system I believe is currently hosted in the cloud, and managed by DOTCMS personnel themselves.

 

So then is there any documentation that you’re aware of that tells how to Send DOTCMS a request for the credentials I would need for such an external process?

 

I’m continuing to look, but haven’t found anything yet.

 

Let me know when you can.

 

Thanks.

 

Henry

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Mark Pitely
Sent: Friday, September 08, 2017 9:16 AM
To: [hidden email]
Subject: Re: [dotcms] REST API Request authentication

 

Henry,

For one thing, if you use the backend/EDIT_MODE for your code, you use the logged-in user's credentials by default, so the authentication is handled by the system. That is, the logged in user accessing the piece will only be able to make changes to contentlets and so on they are permissioned to use.

You only need to worry about authentication if you are using a different system to handle the calls to the API, or want to do something outside the normal dotcms user sequence.

 

Mark Pitely

Marywood University

 

On Thu, Sep 7, 2017 at 5:41 PM, Henry Versemann <[hidden email]> wrote:

I’ve never used the REST API before but was wondering how I would get and encode the value(s) I’ll need to do basic authentication when sending requests to it?

 

I’m assuming that I need to get something like a Key and Secret either from our system or from DotCms themselves, in order to be able to use them for Base64 encoding, in formatting an Authorization header for Basic authentication.

 

So is  there any documentation on how to get this done, or start this process?

 

I’ve just started looking.

 

Thanks for the help.

 

Henry

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700F88811CF451A641BEF6AAD940%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

 

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAFeiKqPmhDgMJibN3q81ysG_Gkqr8GGWT%3DpPRyOJz6EajNkLJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700E5BB08B0BCDE42A3B4E5AD950%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

RE: REST API Request authentication

Nathan Keiter

If you have access to the back-end, you would just simply create a user and add the roles required for the content in question.

 

You could compile the credentials into your external app if you don’t want them exposed in the browser source. And of course in any case use https.

 

Nathan I. Keiter | Lead Network Applications Programmer | Benefits Advisory Council Member | I.D.E.A Council Member
Gettysburg College | Information Technology | DataSystems
Campus Box 2453 | 300 North Washington Street | Gettysburg, PA 17325
Phone: 717.337.6993

https://www.gettysburg.edu

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Henry Versemann
Sent: Friday, September 08, 2017 1:05 PM
To: [hidden email]
Subject: RE: [dotcms] REST API Request authentication

 

Mark,

 

Unfortunately the overall process will be external to our DOTCMS, but still within a scheduled process, run on a server in our local domain system here.

 

Our DOTCMS system I believe is currently hosted in the cloud, and managed by DOTCMS personnel themselves.

 

So then is there any documentation that you’re aware of that tells how to Send DOTCMS a request for the credentials I would need for such an external process?

 

I’m continuing to look, but haven’t found anything yet.

 

Let me know when you can.

 

Thanks.

 

Henry

 

From: [hidden email] [[hidden email]] On Behalf Of Mark Pitely
Sent: Friday, September 08, 2017 9:16 AM
To: [hidden email]
Subject: Re: [dotcms] REST API Request authentication

 

Henry,

For one thing, if you use the backend/EDIT_MODE for your code, you use the logged-in user's credentials by default, so the authentication is handled by the system. That is, the logged in user accessing the piece will only be able to make changes to contentlets and so on they are permissioned to use.

You only need to worry about authentication if you are using a different system to handle the calls to the API, or want to do something outside the normal dotcms user sequence.

 

Mark Pitely

Marywood University

 

On Thu, Sep 7, 2017 at 5:41 PM, Henry Versemann <[hidden email]> wrote:

I’ve never used the REST API before but was wondering how I would get and encode the value(s) I’ll need to do basic authentication when sending requests to it?

 

I’m assuming that I need to get something like a Key and Secret either from our system or from DotCms themselves, in order to be able to use them for Base64 encoding, in formatting an Authorization header for Basic authentication.

 

So is  there any documentation on how to get this done, or start this process?

 

I’ve just started looking.

 

Thanks for the help.

 

Henry

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700F88811CF451A641BEF6AAD940%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

 

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAFeiKqPmhDgMJibN3q81ysG_Gkqr8GGWT%3DpPRyOJz6EajNkLJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700E5BB08B0BCDE42A3B4E5AD950%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/b4d6d9a9170c4244932b91103fa2c5ec%40exch13c.ms.gettysburg.edu.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: REST API Request authentication

Mark Pitely
In reply to this post by Henry Versemann
If you are using an external host, you use a username/password from the dotCMS system that has the correct privileges. Just be careful since this will be communicated via javascript (probably) and potentially sniffed - create a new user to do what you need, don't use Administrator.

M

On Fri, Sep 8, 2017 at 1:05 PM, Henry Versemann <[hidden email]> wrote:

Mark,

 

Unfortunately the overall process will be external to our DOTCMS, but still within a scheduled process, run on a server in our local domain system here.

 

Our DOTCMS system I believe is currently hosted in the cloud, and managed by DOTCMS personnel themselves.

 

So then is there any documentation that you’re aware of that tells how to Send DOTCMS a request for the credentials I would need for such an external process?

 

I’m continuing to look, but haven’t found anything yet.

 

Let me know when you can.

 

Thanks.

 

Henry

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Mark Pitely
Sent: Friday, September 08, 2017 9:16 AM
To: [hidden email]
Subject: Re: [dotcms] REST API Request authentication

 

Henry,

For one thing, if you use the backend/EDIT_MODE for your code, you use the logged-in user's credentials by default, so the authentication is handled by the system. That is, the logged in user accessing the piece will only be able to make changes to contentlets and so on they are permissioned to use.

You only need to worry about authentication if you are using a different system to handle the calls to the API, or want to do something outside the normal dotcms user sequence.

 

Mark Pitely

Marywood University

 

On Thu, Sep 7, 2017 at 5:41 PM, Henry Versemann <[hidden email]> wrote:

I’ve never used the REST API before but was wondering how I would get and encode the value(s) I’ll need to do basic authentication when sending requests to it?

 

I’m assuming that I need to get something like a Key and Secret either from our system or from DotCms themselves, in order to be able to use them for Base64 encoding, in formatting an Authorization header for Basic authentication.

 

So is  there any documentation on how to get this done, or start this process?

 

I’ve just started looking.

 

Thanks for the help.

 

Henry

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700F88811CF451A641BEF6AAD940%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

 

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAFeiKqPmhDgMJibN3q81ysG_Gkqr8GGWT%3DpPRyOJz6EajNkLJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700E5BB08B0BCDE42A3B4E5AD950%40BLUPR0501MB1700.namprd05.prod.outlook.com.

For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAFeiKqMHt-yHg8uROM9V1%2BzNyWCK2X2%3DyXag2DUjWtRuGpoghg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.