Securing exposed REST API

If you have questions or if you want to share your opinion about Aware IM post your message on this forum
Post Reply
Platinum_ar
Posts: 92
Joined: Thu Jan 10, 2013 10:50 pm

Securing exposed REST API

Post by Platinum_ar »

How can we configure the OAuth for the protection of endpoints exposed by AwareIM? There is only a checkbox and nothing more.

Second question, is it possible to use basic authentication or any other method?
I assume basic auth is impossible because we cannot read the header parameters from the request.
Also, there are no functions for a token (e.g. JWT) generation, decoding, encoding. Same for base64 - no option to encode and decode string without a java plugin.

Am I missing something? Is OAuth 2.0 the only way to secure API endpoints if we want to avoid non-standard methods like a plain string that is verified in a process?
aware_support
Posts: 7523
Joined: Sun Apr 24, 2005 12:36 am
Contact:

Re: Securing exposed REST API

Post by aware_support »

OAuth is the only option to secure your services.

There is a document that explains what needs to be done. Please send us an email and we will send the document to you.
Aware IM Support Team
cishpix
Posts: 183
Joined: Fri Nov 06, 2015 5:07 am
Location: Indonesia

Re: Securing exposed REST API

Post by cishpix »

aware_support wrote: Thu Mar 18, 2021 4:04 am There is a document that explains what needs to be done. Please send us an email and we will send the document to you.
Hi Support, Is the document not available for public?
Regards,

Suwandy
-----------------
Kisaran - Indonesia
aware_support
Posts: 7523
Joined: Sun Apr 24, 2005 12:36 am
Contact:

Re: Securing exposed REST API

Post by aware_support »

It is not currently in the public domain - we email it upon request.
Aware IM Support Team
Post Reply