Expose and Consume REST API - Security
Application Type
Reactive, Service
Service Studio Version
11.11.2 (Build 42827)

Hi, I've tried researching this, but I keep getting half answers and constantly end up hitting walls.

I am trying to expose an API for an external Company to use, but before we give them the documentation, I'd like to test it myself (in Outsystems). Exposing and Consuming the APIs I can do with little effort, but now I would like to add some security to it.

Ideally, I would like to use a Service account, but I'm unclear as to how to use the Token I received (in LifeTime) with Basic Authentication - as the Token is 200+ characters long and Basic's Username/Password are both capped at 128.

Does that mean that I need to create a User Account in LifeTime for every company that potentially uses the API instead of Service Accounts

How would I need to adjust the module to Log In using the LifeTime account rather than using the Built-In Users table - that we are using for our End-Users


Edit: What I'm trying to achieve is the following:
We have an external company that will provide us with users and data for our platform, and I need to create the user and link its corresponding data back to it.

The problem I am having is that I need to create a User in the Users Table, using the built in function - which requires the User Manager Role, meaning I need to create a User before a User exists

So I came to the conclusion that I need to log in as an existing user, apply the role to that user, and create the client without issue. But I cannot use our existing End-User credentials, as they will likely need to be directed to whichever Company the clients are coming from - hence the Service Account seems to be the most likely solution

But I am given a Token that I have no idea how to Expose, and applying it in the Consuming step yields a "header not well formed" message - and the token is too long for the Basic Username and Password fields.

If I am doing this wrong from the start, I am open to any other solutions that will help accomplish my task

Hi Daniel, I have read these before.

Regarding the first link you sent - I have followed the instructions, created the Service Account, saved the token but I get stuck as to how to apply the Token I received during the Expose stage - does it fall under Basic or Custom - how would I log in using the token to get the User ID for the Service Account. During the Consuming of the API, following the Authorization step, I get an error message saying "Header not well formed" or something to that effect - which leads me to assume that I Exposed it wrong.

Regarding the Second link, a colleague of mine have followed the steps, and without me needing to supply anything, it approved the connection automatically, which seems to be ineffective as it always approved the connection

And the last Link -the forge post - It appears to be outdated and cannot open - I get the following error

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.