OutSystems Platform allows you to add basic authentication to requests made to your REST APIs.

Typically, the steps to implement basic authentication in a REST API are the following:

  1. Set the REST API to use basic authentication. All methods in the REST API will require basic authentication;
  2. Test any method in the REST API with and without user credentials.

To register user credentials, go to your user management application. Read more About End-user Management.


We have an application to manage contacts. It has the 'Contacts' REST API with the method 'GetContacts'. This REST API doesn't have any authentication yet. In this example, we will add basic authentication to it.

This example is a continuation of another one in a previous topic. To see how to create the REST API service and method, please read Expose Data using REST.

Set the REST API to Use Basic Authentication

We've got to set the authentication mode for the REST API:

  1. Go to the Logic tab and expand the 'Integrations' folder;
  2. Select the 'Contacts' REST API and set its 'Authentication' property to 'Basic'.

OutSystems Platform creates the OnAuthentication action to handle basic authentication with:

All methods of the 'Contacts' REST API will now require basic authentication.

Test the Method

After deploying to our environment in the public cloud, we test the method with a curl command:

curl https://osacademy.outsystemscloud.com/ContactsAPI/rest/Contacts/GetContacts

The result is:

We need to authenticate, so we add the credentials to the request:

curl --user mike.fitt:123456 https://osacademy.outsystemscloud.com/ContactsAPI/rest/Contacts/GetContacts

The result is:

We have to go to the user management console to register the user credentials: mike.fitt/1234565.

Now, when we run the curl with the credentials, it works and returns the following result:
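
What the --user option in the curl commands above puts on the wire, as an added example (not OutSystems code, and not the logic of the OnAuthentication action): the Authorization header built from mike.fitt:123456, and a server-side check of that header against a constructed user store. The credentials are only Base64-encoded, so the HTTPS connection is what keeps them confidential. The names basic_auth_header, check_basic_auth, USERS and SALT are assumptions made for this example.

```python
import base64
import binascii
import hashlib
import hmac

SALT = b"constructed-demo-salt"  # constructed value, for illustration only


def _hash(password: str) -> bytes:
    # Store a slow salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)


# Constructed user store standing in for the user management application.
USERS = {"mike.fitt": _hash("123456")}


def basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization value that `curl --user user:password` sends."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def check_basic_auth(header, users=USERS):
    """Return (http_status, username): 200 with the user, or 401 with None."""
    if not header:
        return 401, None  # request sent without credentials
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return 401, None  # some other authentication scheme
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return 401, None  # token is not valid Base64 / UTF-8
    # Split on the first ':' only, because the password may contain ':'.
    user, sep, password = decoded.partition(":")
    if not sep:
        return 401, None
    stored = users.get(user)
    # Hash even for unknown users so timing does not reveal which names exist.
    candidate = _hash(password)
    if stored is None or not hmac.compare_digest(stored, candidate):
        return 401, None
    return 200, user
```
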

Using Roles in REST APIs

Roles allow you to select which API resources a user has access to. This means that after a user has authenticated, you can still decide if that user has the privileges to use a REST API or a method. Learn more about roles.

See Also

Add Custom Authentication | Expose Data using REST