Technical documentation - Signifikant REST API authentication
API services are protected by Basic authentication. A configuration file defines a few accounts and roles, and each call to an API function is matched against these definitions.
The API is available in version 5.0 and later.
Configuration file
Since the API is provided by both Signifikant Server and the Signifikant Web application, both use the same configuration file, which is found in the common folder: C:\ProgramData\Signifikant\Assert\api-permission.config. The file is created at first access with Enable = false. This gives you a file in which to start editing logins, passwords and roles, but with all access control disabled.
Roles
The file defines login to these roles for services in the web viewer:
Role/function | Server | Comment |
---|---|---|
Api | Signifikant Server, Signifikant Web Viewer | Services to return data of many kinds to the caller, see below for other document pages. |
ApiUpload | Signifikant Web Viewer | Upload prices and availability to web viewer. |
BulletinMail | Signifikant Web Viewer | To access API for bulletin mail. This role is available in version 5.0.4 and later. |
PublisherApi | Signifikant Server | Transform, import and publish data in the editor server using REST calls, from the task scheduler or from external clients. |
WebApiAdmin | Signifikant Web Viewer | To issue a reset cache operation to dump and restore indexes. |
WebPublisherApi | Signifikant Web Viewer | Remote publisher upload and file system synchronize functions, to update a web server file system with remote or synchronize data. |
WebSynchronizerApi | Signifikant Web Viewer | Download file system information and database/image/document/contentset files from a web server to the Offline application. |
The username and password for the WebPublisherApi role are defined in server.config (Manager side); refer to the PublisherSettings section in Technical documentation - Publish settings.
Sample api-permissions.config file
<?xml version="1.0" encoding="utf-8"?>
<ApiPermissionConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Enabled>true</Enabled>
  <PermissionList>
    <ApiPermission>
      <Enabled>true</Enabled>
      <Username>admin</Username>
      <Password>admin</Password>
      <Roles>WebSynchronizerApi,WebPublisherApi,PublisherApi, WebApiAdmin</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <!-- API permissions support basic authentication with UserName/Password
         Starting in version 5.1.7 also ApiKey is supported. -->
    <ApiPermission>
      <Enabled>true</Enabled>
      <ApiKey>83444b0c-91ae-4f61-89c6-f5bc6e5a29b2</ApiKey>
      <Roles>Api</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <ApiPermission>
      <Enabled>true</Enabled>
      <Username>publisher</Username>
      <Password>publisher</Password>
      <Roles>WebPublisherApi, WebApiAdmin</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <ApiPermission>
      <Enabled>true</Enabled>
      <Username>task</Username>
      <Password>task</Password>
      <Roles>PublisherApi, Api</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <ApiPermission>
      <Enabled>true</Enabled>
      <Username>synchronizer</Username>
      <Password>synchronizer</Password>
      <Roles>WebSynchronizerApi</Roles>
      <AllowAnonymous>false</AllowAnonymous>
    </ApiPermission>
    <!-- Permissions for APIs related to Bulletin mail added in version 5.1.0 -->
    <ApiPermission>
      <Enabled>true</Enabled>
      <AllowAnonymous>false</AllowAnonymous>
      <Username>uploader</Username>
      <Password>uploader</Password>
      <Roles>ApiUpload</Roles>
    </ApiPermission>
    <!-- Permissions for APIs related to Bulletin mail added in version 5.0.4 -->
    <ApiPermission>
      <Enabled>true</Enabled>
      <AllowAnonymous>false</AllowAnonymous>
      <Username>bulletin</Username>
      <Password>bulletin</Password>
      <Roles>BulletinMail</Roles>
    </ApiPermission>
  </PermissionList>
</ApiPermissionConfiguration>
Login
Each login is stored with its own Enable flag, so a definition can be disabled but still kept in the file for future reference.
Usernames and passwords are stored as plain text, so the file should not be distributed too freely.
Anonymous users
Defining the AllowAnonymous attribute enables the role for access without Basic authentication; i.e. the information can be accessed anonymously.
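An added example (not part of the Signifikant documentation or product): a small Python audit of an api-permission.config file that flags the risks described on this page, namely access control globally disabled, enabled entries that allow anonymous access, passwords equal to the username as in the sample file, and the sample ApiKey from this page left in place. It assumes the element layout of the sample file and that `true` is the enabling value; the `SAMPLE` input and the names `audit`, `_text` and `_is_true` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Sample key published on this page; a deployment should never keep it.
DOC_SAMPLE_KEY = "83444b0c-91ae-4f61-89c6-f5bc6e5a29b2"

# Constructed input in the layout of the page's sample file (values made up).
SAMPLE = """<ApiPermissionConfiguration><Enabled>true</Enabled><PermissionList>
<ApiPermission><Enabled>true</Enabled><Username>admin</Username><Password>admin</Password>
  <Roles>WebPublisherApi, WebApiAdmin</Roles><AllowAnonymous>false</AllowAnonymous></ApiPermission>
<ApiPermission><Enabled>true</Enabled><ApiKey>83444b0c-91ae-4f61-89c6-f5bc6e5a29b2</ApiKey>
  <Roles>Api</Roles><AllowAnonymous>true</AllowAnonymous></ApiPermission>
<ApiPermission><Enabled>false</Enabled><Username>task</Username><Password>task</Password>
  <Roles>PublisherApi, Api</Roles><AllowAnonymous>false</AllowAnonymous></ApiPermission>
</PermissionList></ApiPermissionConfiguration>"""


def _text(node, tag):
    """Text of a direct child element, or '' when the element is absent."""
    return (node.findtext(tag) or "").strip()


def _is_true(node, tag):
    # Assumption: "true" (any case) is the enabling value, as in the sample file.
    return _text(node, tag).lower() == "true"


def audit(xml_text):
    """Return (account, finding) tuples for risky settings in the config."""
    root = ET.fromstring(xml_text)
    findings = []
    if not _is_true(root, "Enabled"):
        findings.append(("<global>", "access control disabled"))
    for perm in root.iter("ApiPermission"):
        if not _is_true(perm, "Enabled"):
            continue  # disabled definitions are kept only for reference
        user = _text(perm, "Username") or "<api-key entry>"
        roles = [r.strip() for r in _text(perm, "Roles").split(",") if r.strip()]
        if _is_true(perm, "AllowAnonymous"):
            findings.append((user, "anonymous access to: " + ", ".join(roles)))
        password = _text(perm, "Password")
        if password and password.lower() == user.lower():
            findings.append((user, "password equals username"))
        if _text(perm, "ApiKey") == DOC_SAMPLE_KEY:
            findings.append((user, "documentation sample ApiKey in use"))
    return findings


if __name__ == "__main__":
    for account, finding in audit(SAMPLE):
        print(f"{account}: {finding}")
```

To check a real file, read it as bytes and pass the contents to `audit`, so that the XML declaration's encoding is honoured.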