Setting up guest access
- Tutorial
This tutorial covers setting up guest access: access to certain API services for unauthenticated users and users without login accounts.
- Background
You may provide access to certain API services and resources based on the provisioned API key alone, without requiring authentication or session instantiation. The permissions granted to these users are based solely on the API key they provide and the access granted by the default role of that API key. Calls to the API using this API key are treated as guest calls as long as no session token is provided along with the call, so non-existent users and users who are not logged in are treated the same with respect to access.
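An added illustration of the decision described above, not code from the product or from this tutorial: a small Python model of how a call with an API key and no session token resolves to the key's default role. The service name "files", the key value, the role name and all function names are assumptions made for the example; the rule mirrors the GET-only access to the 'images' folder used in the walkthrough that follows.

```python
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    service: str      # hypothetical service name, e.g. "files"
    folder: str       # folder the rule covers, e.g. "images"
    verbs: frozenset  # HTTP verbs the rule allows

@dataclass(frozen=True)
class Role:
    name: str
    active: bool
    rules: tuple

@dataclass(frozen=True)
class App:
    active: bool
    default_role: Role

def guest_role(apps, api_key, session_token=None):
    """Role a guest call runs under, or None when there is no usable guest role."""
    if session_token:            # a session token means this is not a guest call
        return None
    app = apps.get(api_key)
    if app is None or not app.active or not app.default_role.active:
        return None              # unknown key, inactive app or inactive role
    return app.default_role

def covers(folder, request_path):
    """True if request_path is the folder itself or lies inside it."""
    # Assumption: paths are normalised first, so "images/../x" is judged as "x".
    req = posixpath.normpath("/" + request_path).lstrip("/")
    folder = folder.strip("/")
    return req == folder or req.startswith(folder + "/")

def guest_allowed(apps, api_key, verb, service, path):
    """Decide a call that carries an API key and no session token."""
    role = guest_role(apps, api_key)
    if role is None:
        return False
    return any(r.service == service and verb.upper() in r.verbs
               and covers(r.folder, path) for r in role.rules)

# Constructed sample data: one guest app whose default role allows GET on images.
GUEST = Role("guest-images", True, (Rule("files", "images", frozenset({"GET"})),))
APPS = {"EXAMPLE-GUEST-KEY": App(True, GUEST)}
```

The model has no notion of a user on the guest path, so everything a guest can reach is whatever the default role grants; reviewing that role is the same as reviewing guest exposure.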
- Example: using the admin app GUI
1. Create a role with the desired access.
- Navigate to 'Roles' > 'Create', enter 'Name' and 'Description' values, and check the box labeled 'Active'.
- Navigate to the 'Access' tab of the role being created and add access rule(s) as desired. In this example, we will allow GET access to all contents of the local storage folder called 'images'.
- Click 'Create Role' and observe a green pop-up message informing you "Role saved successfully."
2. Create an API key for guest usage.
- Navigate to 'Apps' > 'Create', enter 'Application Name' and 'Description' values, select the role you created in step #1 under 'Assign a Default Role', and check the box labeled 'Active'.
- Click 'Create Application' and observe a green pop-up message informing you "{Application Name} saved successfully."
- Navigate back to 'Apps' > 'Manage', click on the row of the app you just created, and make note of the API key that has been generated for you.
3. Test guest access.
- From the REST API client of your choice, make an unauthenticated API call to the resource(s) you've made available using the API key you've created.
- For example, from a browser, since all browsers perform a GET by default, navigate to
- Example: using the API