If your project includes a login page, REST API access also requires passing security credentials. Our REST API supports HTTP Basic authorization and authorization via API key.
If you try to connect to the REST API without specifying security credentials, or with incorrect credentials, you will receive an error message like this:
{
error: "Access denied",
success: false
}
HTTP Basic Authorization
An example of authenticating a user with the username admin and the password pass1.
curl --user admin:pass1 "http://localhost:8086/api/v1.php?table=customers&action=list"
API Key Authorization
An example of authenticating a user with the API key dsagdsew45234etw435.
curl -H "X-Auth-Token: dsagdsew45234etw435" "http://localhost:8086/api/v1.php?table=customers&action=list"
And this is how API key setup looks in the database and in the project itself.
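The two authorization methods above and the "Access denied" response, combined into a small Python client. This is an added example, not code from the product. It assumes the server returns the error body as standard JSON with quoted keys, and the rule of allowing plain HTTP only for loopback hosts is this example's own choice; the names build_request, check_response and call_api are hypothetical.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

API_URL = "http://localhost:8086/api/v1.php?table=customers&action=list"  # URL from the page
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def build_request(url, *, user=None, password=None, api_key=None):
    """Return a urllib Request carrying exactly one of the two credential types."""
    if (api_key is None) == (user is None):
        raise ValueError("pass either user/password or api_key, not both or neither")
    parts = urlsplit(url)
    # Both methods put a reusable secret in a request header, so this example
    # (its own policy, not the product's) allows plain HTTP only on loopback.
    if parts.scheme != "https" and parts.hostname not in LOOPBACK:
        raise ValueError(f"refusing to send credentials over plain HTTP to {parts.hostname}")
    req = urllib.request.Request(url)
    if api_key is not None:
        req.add_header("X-Auth-Token", api_key)  # same header as the curl -H example
    else:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)  # what curl --user sends
    return req


def check_response(body):
    """Parse a response body; raise PermissionError on the access-denied shape."""
    data = json.loads(body)  # assumption: the body is valid JSON
    if data.get("success") is False:
        raise PermissionError(data.get("error", "request failed"))
    return data


def call_api(req, timeout=10):
    """Send the request and return the parsed body (needs the running project)."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return check_response(resp.read().decode("utf-8"))
```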
Advanced Security
If you use an Advanced Security option such as "Users can see and edit their own data only" in your project, the same security settings are automatically applied to REST API calls as well.
Events
The following security-related events are fired when the application is accessed via the REST API. You can use them to prohibit certain users from accessing your app via the REST API or to log some actions.
When your project provides access via the REST API, you need to be more careful when writing event code. For instance, if you add the following code to the AfterSuccessfulLogin event, you will break REST API execution.
header("Location: customers_list.php");
exit();
In such a case, you can use the inRestApi() function to redirect only users who logged in manually.
if (!inRestApi()) {
    header("Location: customers_list.php");
    exit();
}