User Credentials passed to REST call

#1

Can individual user credentials be passed as the auth string for the REST call? We have set Tenant level authorization using a service account and storing the credentials in c3Vault, but we would like each users credentials to be passed to the API.

Currently, we are setting the auth using TenantConfig. Our @rest ( url = ‘url’, auth = ‘c3Vault:apiName.api’)

0 Likes

#2

You can override what gets passed in the Authorization header of the Rest request., by using the header and headerName rest annotations (refer to the Ann.Rest c3 type documentation) and passing the value in the action invocation.

For example, I have a rest api type, TestRest

@rest(url='c3Vault:rest.ws', auth='c3Vault:rest.ws') type TestRest mixes REST {

and if I define an action as follows

@rest(uri='getUserName', method='GET')
userName: function(@rest(header=true, headerName='Authorization') userAuthToken: string): string

When invoking this action, instead of passing the auth configured through the TenantConfig, the Authorization header will be overridden with whatever I pass in the action invocation, i.e. TestRest.userName("my-user-token") will be sent to the configured url as an http GET request with “my-user-token” in the Authorization header.

0 Likes

#3

Is there an alternative that doesn’t require the user to manually pass in their credentials? Assuming they’re already signed in through a SSO, can their SSO auth token be passed under the hood instead of explicitly as a function argument? Essentially specifying @rest(auth='...') at the User level instead of Tenant level.

0 Likes

#4

No, there is no such option currently.

0 Likes