How can I create secure REST APIs with OutSystems?
When exposing a REST API, a team can configure the service to require authentication. There are three authentication modes available:
- None: Anyone can invoke the API without needing to authenticate;
- Basic: To invoke the REST API, a team will need to specify a username and password on the HTTP headers of the request;
- Custom: An organization can implement their own authentication mechanism.
Basic authentication
To require username/password authentication for a REST API, a team can enable basic authentication. This is done in the visual editor by setting the 'Authentication' parameter of the service.
Once a service has basic authentication, all clients that use the API need to send the credentials on the HTTP headers of the request. If no credentials are present, OutSystems automatically sends a JSON response with an error message, which looks like:
    {
        "Errors": [
            "Basic Authentication required."
        ],
        "StatusCode": 401
    }
When clients send their credentials, OutSystems makes them available as parameters of the service. This removes much of the boilerplate code that developers would otherwise need to write to implement authentication.
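The following is an added illustration of what happens behind the basic-authentication mode described above; it is ordinary Python, not OutSystems platform code. It parses the HTTP Authorization header, returns the same 401 JSON shape quoted above when credentials are absent, and checks a password with a constant-time comparison. The USERS store, the authenticate and basic_header functions, and the "Invalid credentials." message are assumptions made for the example.

```python
import base64
import hmac

# Constructed credential store (username -> password) for the demo only.
# A real service would verify against a salted password hash, never clear text.
USERS = {"svc-reporting": "correct horse battery staple"}

# Response body returned when no credentials are sent (shape taken from the page).
MISSING_CREDENTIALS = {"Errors": ["Basic Authentication required."], "StatusCode": 401}


def parse_basic_auth(headers):
    """Return (username, password) from an HTTP Basic Authorization header, else None."""
    value = headers.get("Authorization") or headers.get("authorization")
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        # Malformed base64 or non-UTF-8 content: treat as no credentials.
        return None
    # RFC 7617: the user-id cannot contain ':', so split on the first one only.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def authenticate(headers):
    """Hypothetical request hook: returns (status_code, json_body)."""
    creds = parse_basic_auth(headers)
    if creds is None:
        return 401, MISSING_CREDENTIALS
    username, password = creds
    # Compare even for unknown users so response time does not reveal which usernames exist.
    expected = USERS.get(username, "")
    password_ok = hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
    if not (password_ok and username in USERS):
        return 401, {"Errors": ["Invalid credentials."], "StatusCode": 401}
    return 200, {"User": username}


def basic_header(username, password):
    """Build the Authorization header a client sends for Basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}


if __name__ == "__main__":
    print(authenticate({}))  # no header -> 401 with the page's error body
    print(authenticate(basic_header("svc-reporting", "correct horse battery staple")))
    print(authenticate(basic_header("svc-reporting", "wrong")))
```

Because Basic credentials are only base64-encoded, not encrypted, the header is readable by anyone on the path; the mode is only safe when the API is exposed over HTTPS.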
Custom
Implement custom authentication logic using the existing hooks. In this case, a team can use the built-in methods to inspect the HTTP headers and body that the client sent.
Alternatively, a team can extend the built-in methods with their own custom code.
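As an added example of the kind of logic a custom hook can run over the headers and body the client sent, the Python below (illustrative code, not an OutSystems API) validates an HMAC-SHA256 signature computed over a timestamp and the request body and rejects stale requests. The header names X-Client-Id, X-Timestamp and X-Signature, the CLIENT_SECRETS store and the 300-second window are assumptions chosen for the example.

```python
import hashlib
import hmac
import json
import time

# Constructed key store (client id -> shared secret) for the demo only.
CLIENT_SECRETS = {"partner-42": b"constructed-shared-secret"}
MAX_SKEW_SECONDS = 300  # assumed replay window


def sign_request(secret, body_bytes, timestamp):
    """Client side: MAC over timestamp and body so neither can be altered in transit."""
    message = str(timestamp).encode("ascii") + b"\n" + body_bytes
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def custom_authenticate(headers, body_bytes, now=None):
    """Hypothetical custom hook: returns (status_code, json_body)."""
    now = time.time() if now is None else now
    client_id = headers.get("X-Client-Id")
    timestamp = headers.get("X-Timestamp")
    signature = headers.get("X-Signature", "")
    secret = CLIENT_SECRETS.get(client_id)
    if secret is None or timestamp is None:
        return 401, {"Errors": ["Missing or unknown client credentials."], "StatusCode": 401}
    try:
        ts = int(timestamp)
    except ValueError:
        return 401, {"Errors": ["Malformed timestamp."], "StatusCode": 401}
    if abs(now - ts) > MAX_SKEW_SECONDS:
        # Reject replays of old captured requests.
        return 401, {"Errors": ["Request timestamp outside allowed window."], "StatusCode": 401}
    expected = sign_request(secret, body_bytes, ts)
    if not hmac.compare_digest(expected, signature):
        return 401, {"Errors": ["Invalid request signature."], "StatusCode": 401}
    try:
        payload = json.loads(body_bytes)
    except ValueError:
        return 400, {"Errors": ["Body is not valid JSON."], "StatusCode": 400}
    return 200, {"Client": client_id, "Payload": payload}


def signed_headers(client_id, body_bytes, timestamp):
    """Build the headers a legitimate client would attach (used for the demo)."""
    return {
        "X-Client-Id": client_id,
        "X-Timestamp": str(timestamp),
        "X-Signature": sign_request(CLIENT_SECRETS[client_id], body_bytes, timestamp),
    }


if __name__ == "__main__":
    body = b'{"report": "monthly"}'  # constructed request body
    ts = 1700000000
    print(custom_authenticate(signed_headers("partner-42", body, ts), body, now=ts + 5))
    print(custom_authenticate(signed_headers("partner-42", body, ts), b'{"report": "x"}', now=ts + 5))
```

The signature check runs before the body is parsed, so a request with a bad or missing signature never reaches the JSON parser or the business logic behind the hook.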
Learn more
Follow these links to learn more: