[Data Grid Sample] How can we guarantee the security of the data access of the exposed REST?

Forge Component
Published on 3 Aug (5 days ago) by OutSystems R&D

Hi

If the GridContainer expects a REST endpoint to get the content of the table, what is the best approach to guarantee the security of the data access, as we should expose this service to be accessed by JavaScript code, right?


Best regards
Tiago Vital

Solution

Hi Tiago,

You could create some form of token-based authorization to secure your endpoints, but if you're looking for something simpler, there's also the Session_GetWebAppLoginInfo action in the PlatformRuntime_API extension.

It should return a User Id if your REST service is being invoked by an authenticated user, so you can use it to ensure your REST services are only accessed by users that have logged in. Check this thread for more detail.

Solution

Afonso Carvalho wrote:

Hi Tiago,

You could create some form of token-based authorization to secure your endpoints, but if you're looking for something simpler, there's also the Session_GetWebAppLoginInfo action in the PlatformRuntime_API extension.

It should return a User Id if your REST service is being invoked by an authenticated user, so you can use it to ensure your REST services are only accessed by users that have logged in. Check this thread for more detail.


Ok Afonso

Thanks very much.

I guess it is a good approach. I will take a look.