REST API Request authentication

Henry Versemann

unread,

Sep 7, 2017, 5:41:58 PM9/7/17

to dot...@googlegroups.com

I’ve never used the REST API before but was wondering how I would get and encode the value(s) I’ll need to do basic authentication when sending requests to it?

I’m assuming that I need to get something like a Key and Secret either from our system or from DotCms themselves, in order to be able to use them for Base64 encoding, in formatting an Authorization header for Basic authentication.

So is there any documentation on how to get this done, or start this process?

I’ve just started looking.

Thanks for the help.

Henry

Mark Pitely

unread,

Sep 8, 2017, 10:16:20 AM9/8/17

to dot...@googlegroups.com

Henry,

For one thing, if you use the backend/EDIT_MODE for your code, you use the logged-in user's credentials by default, so the authentication is handled by the system. That is, the logged in user accessing the piece will only be able to make changes to contentlets and so on they are permissioned to use.

You only need to worry about authentication if you are using a different system to handle the calls to the API, or want to do something outside the normal dotcms user sequence.

Mark Pitely

Marywood University

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+unsubscribe@googlegroups.com.
To post to this group, send email to dot...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700F88811CF451A641BEF6AAD940%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

Nathan Keiter

unread,

Sep 8, 2017, 11:08:57 AM9/8/17

to dot...@googlegroups.com

A “front-end” login will also be natively absorbed, assuming the user has the appropriate roles.

https://www.gettysburg.edu

From: dot...@googlegroups.com [mailto:dot...@googlegroups.com] On Behalf Of Mark Pitely
Sent: Friday, September 08, 2017 10:16 AM
To: dot...@googlegroups.com
Subject: Re: [dotcms] REST API Request authentication

Henry,

For one thing, if you use the backend/EDIT_MODE for your code, you use the logged-in user's credentials by default, so the authentication is handled by the system. That is, the logged in user accessing the piece will only be able to make changes to contentlets and so on they are permissioned to use.

You only need to worry about authentication if you are using a different system to handle the calls to the API, or want to do something outside the normal dotcms user sequence.

Mark Pitely

Marywood University

On Thu, Sep 7, 2017 at 5:41 PM, Henry Versemann <hvers...@stchas.edu> wrote:

I’ve never used the REST API before but was wondering how I would get and encode the value(s) I’ll need to do basic authentication when sending requests to it?

I’m assuming that I need to get something like a Key and Secret either from our system or from DotCms themselves, in order to be able to use them for Base64 encoding, in formatting an Authorization header for Basic authentication.

So is there any documentation on how to get this done, or start this process?

I’ve just started looking.

Thanks for the help.

Henry

--

http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+un...@googlegroups.com.

To post to this group, send email to dot...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700F88811CF451A641BEF6AAD940%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

--

http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+un...@googlegroups.com.

To post to this group, send email to dot...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAFeiKqPmhDgMJibN3q81ysG_Gkqr8GGWT%3DpPRyOJz6EajNkLJQ%40mail.gmail.com.

Henry Versemann

unread,

Sep 8, 2017, 1:05:25 PM9/8/17

to dot...@googlegroups.com

Mark,

Unfortunately the overall process will be external to our DOTCMS, but still within a scheduled process, run on a server in our local domain system here.

Our DOTCMS system I believe is currently hosted in the cloud, and managed by DOTCMS personnel themselves.

So then is there any documentation that you’re aware of that tells how to Send DOTCMS a request for the credentials I would need for such an external process?

I’m continuing to look, but haven’t found anything yet.

Let me know when you can.

Thanks.

Henry

From: dot...@googlegroups.com [mailto:dot...@googlegroups.com] On Behalf Of Mark Pitely
Sent: Friday, September 08, 2017 9:16 AM
To: dot...@googlegroups.com
Subject: Re: [dotcms] REST API Request authentication

Henry,

For one thing, if you use the backend/EDIT_MODE for your code, you use the logged-in user's credentials by default, so the authentication is handled by the system. That is, the logged in user accessing the piece will only be able to make changes to contentlets and so on they are permissioned to use.

You only need to worry about authentication if you are using a different system to handle the calls to the API, or want to do something outside the normal dotcms user sequence.

Mark Pitely

Marywood University

On Thu, Sep 7, 2017 at 5:41 PM, Henry Versemann <hvers...@stchas.edu> wrote:

I’ve never used the REST API before but was wondering how I would get and encode the value(s) I’ll need to do basic authentication when sending requests to it?

I’m assuming that I need to get something like a Key and Secret either from our system or from DotCms themselves, in order to be able to use them for Base64 encoding, in formatting an Authorization header for Basic authentication.

So is there any documentation on how to get this done, or start this process?

I’ve just started looking.

Thanks for the help.

Henry

--

http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+un...@googlegroups.com.

To post to this group, send email to dot...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700F88811CF451A641BEF6AAD940%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

--

http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+un...@googlegroups.com.

To post to this group, send email to dot...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAFeiKqPmhDgMJibN3q81ysG_Gkqr8GGWT%3DpPRyOJz6EajNkLJQ%40mail.gmail.com.

Nathan Keiter

unread,

Sep 8, 2017, 1:25:29 PM9/8/17

to dot...@googlegroups.com

If you have access to the back-end, you would just simply create a user and add the roles required for the content in question.

You could compile the credentials into your external app if you don’t want them exposed in the browser source. And of course in any case use https.

https://www.gettysburg.edu

To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700E5BB08B0BCDE42A3B4E5AD950%40BLUPR0501MB1700.namprd05.prod.outlook.com.

Mark Pitely

unread,

Sep 8, 2017, 1:25:52 PM9/8/17

to dot...@googlegroups.com

If you are using an external host, you use a username/password from the dotCMS system that has the correct privileges. Just be careful since this will be communicated via javascript (probably) and potentially sniffed - create a new user to do what you need, don't use Administrator.

M

--

To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+unsubscribe@googlegroups.com.

To post to this group, send email to dot...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700F88811CF451A641BEF6AAD940%40BLUPR0501MB1700.namprd05.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

--
http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+unsubscribe@googlegroups.com.

To post to this group, send email to dot...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/CAFeiKqPmhDgMJibN3q81ysG_Gkqr8GGWT%3DpPRyOJz6EajNkLJQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--

http://dotcms.com - Open Source Java Content Management
---
You received this message because you are subscribed to the Google Groups "dotCMS User Group" group.

To unsubscribe from this group and stop receiving emails from it, send an email to dotcms+unsubscribe@googlegroups.com.

To post to this group, send email to dot...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/dotcms/BLUPR0501MB1700E5BB08B0BCDE42A3B4E5AD950%40BLUPR0501MB1700.namprd05.prod.outlook.com.

Reply all

Reply to author

Forward