OutSystems Platform allows you to customize the authentication logic to be used with REST APIs.
To implement it, take the following steps:
We have an application to manage contacts. It has the 'Contacts' REST
API with a method called 'GetContacts' that provides the list of all Contacts.
To see how to create the REST API service and method, please read Expose
Data using REST.
We want to use API keys to authenticate applications that send REST API requests to our server.
In this example we implement custom authentication logic in which the REST API expects to receive two parameters in the request header: AppId and AppKey. These are used to check whether the request is valid.
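The same check sketched in Python, as an added example (not OutSystems code and not part of the original page): it reads the X-Contacts-AppId and X-Contacts-Key headers used in the curl command on this page and looks the pair up in a stand-in for the APIKey entity. The sample credentials, the hashed key storage and the function names are assumptions of this example.

```python
import hashlib
import hmac

# Constructed stand-in for the APIKey entity: AppId -> SHA-256 hex digest of the AppKey.
# Storing a digest instead of the raw key is an assumption of this example.
API_KEYS = {
    "demo-app-id": hashlib.sha256(b"demo-app-key").hexdigest(),
}

# Digest used for unknown AppIds so both failure paths do the same work.
_DUMMY_DIGEST = "0" * 64


class AuthenticationError(Exception):
    """Plays the role of the User Exception raised in OnAuthentication."""


def on_authentication(headers):
    """Return the AppId if the request headers carry a valid AppId/AppKey pair."""
    # HTTP header names are case-insensitive, so normalize before lookup.
    normalized = {name.lower(): value for name, value in headers.items()}
    app_id = normalized.get("x-contacts-appid", "").strip()
    app_key = normalized.get("x-contacts-key", "").strip()
    if not app_id or not app_key:
        raise AuthenticationError("Invalid application credentials")

    stored = API_KEYS.get(app_id, _DUMMY_DIGEST)
    presented = hashlib.sha256(app_key.encode("utf-8")).hexdigest()
    # compare_digest runs in constant time; the membership test rejects
    # unknown AppIds even if a key happened to hash to the dummy digest.
    if not hmac.compare_digest(presented, stored) or app_id not in API_KEYS:
        # Same message for "unknown AppId" and "wrong key": no hint to the caller.
        raise AuthenticationError("Invalid application credentials")
    return app_id


def get_contacts(headers):
    """Hypothetical method wrapper: authentication runs before the method body."""
    try:
        on_authentication(headers)
    except AuthenticationError as exc:
        # The page reports status code 500 with the exception message in the body.
        return 500, str(exc)
    return 200, ["constructed contact 1", "constructed contact 2"]
```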
We have to set the authentication mode for the REST API:
As a result, you have the 'OnAuthentication' callback action added to your REST API.
In the 'OnAuthentication' action flow, follow these steps to define the authentication logic:
After deploying to our environment in the public cloud, we test the method with a curl command:
The result is a response with status code 500. The message body contains the error message you added when raising the User Exception:
Now let's test it with a valid app id and key that are stored in the APIKey entity:
curl -H "X-Contacts-AppId: ghjfxdfAvs596vcGfsvf0ef1" -H "X-Contacts-Key: 6tsdgdjl9fsKDd5zsvnwmdjosDmrufbs93susadLHDvjfhbnwtTRbsnucnrb" https://osacademy.outsystemscloud.com/ContactsAPICustomAut/rest/Contacts/GetContacts
The result is: