This shows you the differences between two versions of the page.
api_webservice_adaptor [2024/12/09 15:27] montse [Predefined Functions for REST in the Web Adaptor] |
api_webservice_adaptor [2024/12/10 15:37] (current) montse [Authentication Types] |
||
---|---|---|---|
Line 108: | Line 108: | ||
* Headers: indicates the headers that must be added to the request. | * Headers: indicates the headers that must be added to the request. | ||
* Content-type: HTTP standard header that indicates the type of content that is added to the body of the request. | * Content-type: HTTP standard header that indicates the type of content that is added to the body of the request. | ||
- | * Body: Content of the Http request. | + | * Body: content of the Http request. |
* **postRest(resource, headers, content-type, body)** | * **postRest(resource, headers, content-type, body)** | ||
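Review bot: on the changed Body line, "Http request" should be written "HTTP request", to match "HTTP standard header" on the Content-type line directly above it. The edit lowercases "content" but leaves that inconsistency in place.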
Line 139: | Line 139: | ||
* **setDigestAuthentication(user, password, realm, nonce, algorithm, Qoq, NonceCount, ClientNonce, Opaque)** | * **setDigestAuthentication(user, password, realm, nonce, algorithm, Qoq, NonceCount, ClientNonce, Opaque)** | ||
- | * Description: It allows to configure the authentication scheme of the requests that are send to the endpoint as Digest Authentication Scheme. It overwrites the security setting done in the adapter setup. | + | * Description: it allows to configure the authentication scheme of the requests that are send to the endpoint as Digest Authentication Scheme. It overwrites the security setting done in the adapter setup. |
* User: username used as credential. | * User: username used as credential. | ||
* Password: password to present as credential. | * Password: password to present as credential. | ||
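Review bot: the setDigestAuthentication signature spells the parameter "Qoq"; it should be "Qop" (quality of protection), which is how the Digest parameter list under Authentication Types names it. In the changed Description line, "that are send" should be "that are sent", and "It overwrites the security setting done in the adapter setup" would be clearer as "It overrides the security settings configured in the adapter setup", since a reader needs to know that this call takes precedence over the adapter-level configuration.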
Line 179: | Line 179: | ||
Now comes the enumeration of the authentication types, make a brief description of them and think what parameters we might need. | Now comes the enumeration of the authentication types, make a brief description of them and think what parameters we might need. | ||
- | * ** No Authorization (None Auth): ** If the user selects this method, it is not necessary to authenticate to use the service. | + | * ** No Authorization (None Auth): ** if the user selects this method, it is not necessary to authenticate to use the service. |
- | * ** Basic Authorization (Basic Auth): ** The simplest method only requires the user and password parameters. https://en.wikipedia.org/wiki/Basic_access_authentication | + | * ** Basic Authorization (Basic Auth): ** the simplest method only requires the user and password parameters. https://en.wikipedia.org/wiki/Basic_access_authentication |
- | * ** Digest Authorization (Digest Auth): ** This method is a bit stronger because the key is encrypted and the user, in the postman tool when you select this type of authentication requests the following parameters:\\ \\ | + | * ** Digest Authorization (Digest Auth): ** this method is a bit stronger because the key is encrypted and the user, in the postman tool when you select this type of authentication requests the following parameters:\\ \\ |
* User | * User | ||
* Password\\ \\ And as optional (default values are used if the user does not provide them) the following:\\ \\ | * Password\\ \\ And as optional (default values are used if the user does not provide them) the following:\\ \\ | ||
- | * Realm: Security domain against which to authenticate. | + | * Realm: security domain against which to authenticate. |
- | * Algorithm: Encryption algorithm. MD5 or MD5-sess. | + | * Algorithm: encryption algorithm. MD5 or MD5-sess. |
- | * Nonce: Code that the server issues in the response when a request is not authorized. It is unique per session and must be included in the following requests. | + | * Nonce: code that the server issues in the response when a request is not authorized. It is unique per session and must be included in the following requests. |
- | * Qop: Quality of protection, the possible values are auth (more common) or auth-int (authorization with integrity) I think less supported and used. | + | * Qop: quality of protection, the possible values are auth (more common) or auth-int (authorization with integrity) I think less supported and used. |
- | * Nonce Count: Number of request made to the server with the same nonce, its obligation depends on the value assigned to Qop. | + | * Nonce Count: number of request made to the server with the same nonce, its obligation depends on the value assigned to Qop. |
- | * Opaque: It is a value returned by the server in the first unauthorized response, and must be added without modifying all subsequent requests to the server. https://en.wikipedia.org/wiki/Digest_access_authentication | + | * Opaque: it is a value returned by the server in the first unauthorized response, and must be added without modifying all subsequent requests to the server. https://en.wikipedia.org/wiki/Digest_access_authentication |
- | * ** OAuth 1.0:** This method, open Authorization, is more modern to create a first standard related to authentication. OAuth 2.0 is used more but we could find a service that uses it. In Postman the following parameters are requested:\\ \\ | + | * ** OAuth 1.0:** this method, open Authorization, is more modern to create a first standard related to authentication. OAuth 2.0 is used more but we could find a service that uses it. In Postman the following parameters are requested:\\ \\ |
- | * ConsumerKey: A value used by the consumer of the service to identify himself to it. | + | * ConsumerKey: a value used by the consumer of the service to identify himself to it. |
- | * ConsumerSecret: Token used by the consumer to validate their ownership of the ConsumerKey. | + | * ConsumerSecret: token used by the consumer to validate their ownership of the ConsumerKey. |
- | * Access Token: Access Token. | + | * Access Token: access Token. |
- | * Token Secret: Another key to ensure ownership of the access token.\\ And as optional parameters (default values if user does not enter):\\ | + | * Token Secret: another key to ensure ownership of the access token.\\ And as optional parameters (default values if user does not enter):\\ |
- | * Signature Method: The signature method used by the consumer to sign the requests. | + | * Signature Method: the signature method used by the consumer to sign the requests. |
- | * Timestamp: A timestamp is added to the request. | + | * Timestamp: a timestamp is added to the request. |
- | * Nonce: Random string generated by the client, will be added to all the requests. | + | * Nonce: random string generated by the client, will be added to all the requests. |
- | * Realm: Indicates the security domain that performs authentication. https://es.wikipedia.org/wiki/OAuth | + | * Realm: indicates the security domain that performs authentication. https://es.wikipedia.org/wiki/OAuth |
- | * ** OAuth 2.0:** The evolution of OAuth 1.0, is the standard most supported by large Internet companies, Google, Facebook, Twitter, etc., not being an expert, I believe it is two-step authentication. Postman only asks for the parameter: | + | * ** OAuth 2.0:** the evolution of OAuth 1.0, is the standard most supported by large Internet companies, Google, Facebook, Twitter, etc., not being an expert, I believe it is two-step authentication. Postman only asks for the parameter: |
* Access Token. Access code to the service. But in the option to request an Access Token request data to authenticate against the service that is going to give you the access code for that operation. In addition to these methods other authentication methods appear in Postman such as: | * Access Token. Access code to the service. But in the option to request an Access Token request data to authenticate against the service that is going to give you the access code for that operation. In addition to these methods other authentication methods appear in Postman such as: | ||
* Bearer Token. https://swagger.io/docs/specification/authentication/bearer-authentication/ | * Bearer Token. https://swagger.io/docs/specification/authentication/bearer-authentication/ |
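Review bot: in the Digest Auth item, "the key is encrypted" and, on the Algorithm line, "encryption algorithm" are inaccurate. MD5 and MD5-sess are hash algorithms, and Digest sends a hash computed from the credentials and the server nonce rather than an encrypted password. Suggested wording: "the password is sent as a hash instead of in clear" and "Algorithm: hash algorithm. MD5 or MD5-sess". The same item's clause "and the user, in the postman tool when you select this type of authentication requests the following parameters" has no clear subject and should be split into its own sentence. The Basic Auth item should state that user and password are only Base64-encoded in the header, so the endpoint needs HTTPS. In the OAuth 2.0 item, "not being an expert, I believe it is two-step authentication" should be replaced with a sourced description, since OAuth 2.0 is an authorization framework in which the client obtains an access token, as the Access Token line below already describes. The OAuth 1.0 link points to es.wikipedia.org while the other references use the English Wikipedia.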