Technical documentation - Signifikant REST API authentication

API services are protected by Basic authentication. A configuration file defines a few accounts and their roles, and each call to an API function is matched against these definitions.

The API is available in version 5.0 and later.

Configuration file

Since the API is provided by both Signifikant Server and the Signifikant Web application, the same configuration is used by both, and the file is found in the common folder: C:\ProgramData\Signifikant\Assert\api-permission.config. The file is created at first access with Enable = false, which provides a file in which to start editing logins, passwords and roles, but with all access control disabled.

Roles

The file defines logins to these roles for services in the web viewer:

| Role/function | Server | Comment |
|---|---|---|
| Api | Signifikant Server, Signifikant Web Viewer | Services to return data of many kinds to the caller, see below for other document pages. |
| ApiUpload | Signifikant Web Viewer | Upload prices and availability to web viewer. This role/function is available in version 5.1 and later. |
| BulletinMail | Signifikant Web Viewer | To access API for bulletin mail. This role is available in version 5.0.4 and later. |
| PublisherApi | Signifikant Server | Transform, import and publish data in the editor server using REST calls, from task scheduler or from external clients. |
| WebApiAdmin | Signifikant Web Viewer | To issue a reset cache operation to dump and restore indexes. |
| WebPublisherApi | Signifikant Web Viewer | Remote publisher upload and file system synchronize functions, to update a web server file system with remote or synchronize data. |
| WebSynchronizerApi | Signifikant Web Viewer | Download file system information and database/image/document/contentset files from a web server to the Offline application. |

Username and password for the WebPublisherApi role are defined in server.config (Manager side); refer to the PublisherSettings section.

Sample api-permissions.config file

```xml
<?xml version="1.0" encoding="utf-8"?>
<ApiPermissionConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Enabled>true</Enabled>
  <PermissionList>
    <ApiPermission>
      <Enabled>true</Enabled>
      <Username>admin</Username>
      <Password>admin</Password>
      <Roles>WebSynchronizerApi,WebPublisherApi,PublisherApi, WebApiAdmin</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <!--
      API permissions support basic authentication with UserName/Password.
      Starting in version 5.1.7 also ApiKey is supported.
    -->
    <ApiPermission>
      <Enabled>true</Enabled>
      <ApiKey>83444b0c-91ae-4f61-89c6-f5bc6e5a29b2</ApiKey>
      <Roles>Api</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <ApiPermission>
      <Enabled>true</Enabled>
      <Username>publisher</Username>
      <Password>publisher</Password>
      <Roles>WebPublisherApi, WebApiAdmin</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <ApiPermission>
      <Enabled>true</Enabled>
      <Username>task</Username>
      <Password>task</Password>
      <Roles>PublisherApi, Api</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <ApiPermission>
      <Enabled>true</Enabled>
      <Username>synchronizer</Username>
      <Password>synchronizer</Password>
      <Roles>WebSynchronizerApi</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <!-- Permissions for the price and availability upload API (ApiUpload) added in version 5.1.0 -->
    <ApiPermission>
      <Enabled>true</Enabled>
      <AllowAnonymous>false</AllowAnonymous>
      <Username>uploader</Username>
      <Password>uploader</Password>
      <Roles>ApiUpload</Roles>
    </ApiPermission>
    <!-- Permissions for APIs related to Bulletin mail added in version 5.0.4 -->
    <ApiPermission>
      <Enabled>true</Enabled>
      <AllowAnonymous>false</AllowAnonymous>
      <Username>bulletin</Username>
      <Password>bulletin</Password>
      <Roles>BulletinMail</Roles>
    </ApiPermission>
  </PermissionList>
</ApiPermissionConfiguration>
```

Login

Each login is stored with its own Enabled flag, so a definition can be disabled but still kept in the file for future reference.

Username and password are stored as plain text, so the file should not be distributed too freely.

Anonymous users

By defining the AllowAnonymous attribute, the role is enabled for access without Basic authentication, i.e. the information can be accessed anonymously.
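
An added example, not part of the original documentation or the vendor's code: a small Python audit of a file in the layout shown above, flagging settings that weaken the access control described on this page. The embedded XML is constructed, and reading the top-level Enabled element as the global switch is an assumption drawn from the sample file.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of the sample file above; all values are made up.
SAMPLE = """<ApiPermissionConfiguration>
  <Enabled>false</Enabled>
  <PermissionList>
    <ApiPermission>
      <Enabled>true</Enabled>
      <Username>admin</Username><Password>admin</Password>
      <Roles>WebPublisherApi, WebApiAdmin</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <ApiPermission>
      <Enabled>true</Enabled>
      <Username>reader</Username><Password>constructed-Zq7</Password>
      <Roles>Api</Roles>
      <AllowAnonymous>true</AllowAnonymous>
    </ApiPermission>
    <ApiPermission>
      <Enabled>false</Enabled>
      <Username>task</Username><Password>task</Password>
      <Roles>PublisherApi</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
  </PermissionList>
</ApiPermissionConfiguration>"""

def flag(node, tag):
    """True when the direct child element <tag> holds the text 'true'."""
    return (node.findtext(tag) or "").strip().lower() == "true"

def audit(xml_text):
    """Return (account, issue) findings for risky settings in the file."""
    root = ET.fromstring(xml_text)
    findings = []
    if not flag(root, "Enabled"):  # assumption: top-level Enabled is the global switch
        findings.append(("*", "access control disabled for all entries"))
    for perm in root.iter("ApiPermission"):
        if not flag(perm, "Enabled"):
            continue  # disabled definitions are kept in the file only for reference
        user, pwd = ((perm.findtext(t) or "").strip() for t in ("Username", "Password"))
        roles = ",".join(r.strip() for r in (perm.findtext("Roles") or "").split(",") if r.strip())
        if flag(perm, "AllowAnonymous"):
            findings.append((user or "(ApiKey entry)", "anonymous access to " + roles))
        if user and pwd.lower() == user.lower():
            findings.append((user, "password equals username"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a deployed file, pass its contents (bytes or text) to `audit()` in place of `SAMPLE`.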