How: Find AppId,  AppKey for implementing custom authentication in exposed REST API
Application Type
Service

Hi All,

I am trying to find out a way to generate/create/find API key and App Id for REST API custom authentication.

I followed article which doesn't mention anything about creating App Id and App Key:  "https://success.outsystems.com/Documentation/11/Extensibility_and_Integration/REST/Expose_REST_APIs/Add_Custom_Authentication_to_an_Exposed_REST_API?_gl=1*g1gk1w*_ga*MjA2NDk1MzkwNy4xNjAzMzU1ODU4*_ga_ZD4DTMHWR2*MTYxMjg2MzQxMy43Mi4xLjE2MTI4Njg1NzAuMzQ." 

I am aware that this is not the best practice of securing an API, but this approach suits best in my scenario.

Thanks in advance!

Hi SRS

You can find the keys you want on the Application entity, just reference it from the System.

Hope this helps.

Hi Paulo,

Thanks for response!

I am not sure, but I think the API Id and API key which is being mentioned in the article link I shared for custom authentication is different from what is present in the suggested Application entity. 

Could you please confirm.


Thanks!!

You are right, it's not the same thing.

I just answered on how to get the AppId and the AppKey, I thought that you were referring to the System's Application entity. 

But now that I saw the article, that is just an example of a use case about custom authentication on REST API. 

You have that described step by step, in which step are you stuck?

The APIKey and the AppId are like tokens that you need to send in the REST API call, then, you will need an action to validate these tokens (OnAuthentication) and only after this authentication check, the method is executed. 

So, you need to first define these values somewhere, for them to be validated against the inputs that are being sent on the REST API call. 

For instance, as a simple example, create 2 site properties: APIKey and AppID and give these some values.
Then define the REST API with these 2 input parameters and define the authentication logic on the OnAuthentication (check if the parameters in the header match the ones on the site properties).

This will be a simple start, let us know if you have further questions.


I am clear on the logic part, the article mentions the steps in details. I think I made it complex for myself on understanding the AppId and AppKey that will be used for authentication. 

According to article

  • <app_id> is an application identifier.
  • <api_key> is a secret key associated with the app identified by <app_id>. You should handle this value as you would handle a password.

So that is all.

Thanks!!


Champion

Hi SRS

Please refer to this official document.

Hope this helps.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.