REST_Authenticate
The REST_Authenticate HTTP POST request is used to authenticate users to your application. It MUST be sent to 4D before any other request (except for REST_GetApplicationVersion or REST_GetVersion). REST_Authenticate generates a Session token that must be included in all other requests.
The POST request payload must include the following arguments/attributes:
- username: the user name to authenticate
- password: the user's password
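Both attributes must be Base64 encoded, so that they are not easily visible to hackers, and the password must be an MD5 hash of the actual password. That keeps the plain-text password from being out in the open. Base64 is a reversible encoding rather than encryption, and the MD5 hash is the value the server validates, so the request should also be sent over HTTPS.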
A couple of methods that are called by REST_Authenticate must be present in the host database and set as shared with components:
- users_ValidateUser: this method takes the username and password values received by the request, validates them against your application, and returns true if the username and password are valid, false otherwise.
- users_GetUserOptions: this method takes the username as a parameter and returns an Object with the user options/attributes/privileges for your application. The Object should have at least the following attributes:
  - isAdmin: a boolean indicating if the user has Administrator privileges
  - isReadOnly: a boolean indicating if the user has Read Only access to the database
  - your own: any other user privileges or attributes you need for your application
- users_GetUserGroups: this method takes the username and a pointer to a Text array as parameters. It should populate the array with the names of all Groups the user is assigned to.
(samples for the methods above can be found in the Samples folder)
The REST_Authenticate Request will return a JSON object with the following attributes:
- valid: a boolean value to indicate if the user+password were validated
- session: if user+password were authenticated, this property will contain an object with the session information:
  - options: the contents of the Object returned by users_GetUserOptions
  - groups: the contents of the Array returned by users_GetUserGroups
  - key: the Session Token to be sent back in all further requests
Here is a sample payload sent on a call to REST_Authenticate:
And a sample response from the request above:
(additional attributes on the example above are used by the target application)
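The following client-side sketch is an added example, not code from this component or its Samples folder: it builds the two request attributes as described above, shows that anyone who can read the request decodes them back unchanged, and reads `session.key` from the response. The helper names, the sample values and the choice of a lowercase hex MD5 digest are assumptions; the page does not specify the digest form.

```python
import base64
import hashlib


def b64(text: str) -> str:
    """Base64-encode a UTF-8 string and return ASCII text."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def build_auth_fields(username: str, password: str) -> dict:
    """Encode the two REST_Authenticate attributes as the page describes.

    Assumption: the MD5 hash is sent as a lowercase hex digest.
    """
    md5_hex = hashlib.md5(password.encode("utf-8")).hexdigest()
    return {"username": b64(username), "password": b64(md5_hex)}


def observer_view(fields: dict) -> dict:
    """What a reader of the request recovers: Base64 simply decodes."""
    return {k: base64.b64decode(v).decode("utf-8") for k, v in fields.items()}


def session_key(response: dict) -> str:
    """Return session.key from a REST_Authenticate response, or raise."""
    if response.get("valid") is not True:
        raise PermissionError("REST_Authenticate rejected the credentials")
    session = response.get("session")
    key = session.get("key") if isinstance(session, dict) else None
    if not isinstance(key, str) or not key:
        raise ValueError("valid response without a session key")
    return key


if __name__ == "__main__":
    fields = build_auth_fields("alice", "s3cret")  # constructed credentials
    print(fields)
    # The username and the MD5 hex come back as-is, which is why TLS matters.
    print(observer_view(fields))
    # Constructed response using only the attributes listed on this page.
    reply = {
        "valid": True,
        "session": {
            "options": {"isAdmin": False, "isReadOnly": True},
            "groups": ["Sales"],
            "key": "EXAMPLE-TOKEN",
        },
    }
    print(session_key(reply))
```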