cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Basic Auth vs API Key (HOPEX V5 and forward)

oguimard
Retired

Starting from HOPEX V5 the method for authentication for API has evolved.

  1. With a Basic Auth.
  2. With an API Key (preferred choice)

 

Former Bearer Token is not available in V5. Oauth2 Authentication is not supported for the moment for API calls.

 

Depending on the use case you want to use the API you may use one or the other authentication method. Regardless of the chosen authentication methods the others headers and body information will remain the same.

 

Basic Auth

 

The basis Auth allow you to access the API directly with credentials : loing/password.

 

How to use it

  • For instance, in Postman when calling the API choose "Basic Auth" and fill-in the user password. The information will be encoded with Base64 to avoid to be readable when sent. 

basicAuth.png

 

  • For instance, in a script in curl add the header Authorization: Basic and pass the encoded value of the login and password.

 

 

 

curl --location --request POST 'httpx://www.myserver.com/HOPEXGraphQL/api/ITPM' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic V2Vic2VydmljZTpIb3BleA==' \
--data-raw '{"query":"query {\n    application {\n        id\n        name\n        cloudComputing\n    }\n}","variables":{}}'

 

 

 

 

This authentication method is useful when you need to check identity and get the data with a login/password logic. It is nonetheless less secure than an API Key.

 

How to enable it

You need to create a dedicated User/Password within the HAS console to be able to use it in API Call. This user can be :

  • Admin user.
  • HOPEX user that connects with a profile.

 

Process step :

  1. Connect to HAS Console
  2. Click the menu Modules >> Authentication
  3. Click "User accounts"
  4. Click "Create"
  5. Fill in the form
    1. Give a login to you user
    2. Give a password or generate one
    3. Select the Role : Administrator or Custom
    4. Select if you allow to open a session on a specific repository and profile
    5. Give the login of the HOPEX user
    6. Select the environment (there should be only one)
    7. Select the repository (if more than one)
    8. Select the profile (if more than one)
    9. Selection the session mode : multi or single (see below for more detail on what to chose)
    10. Select the connection mode : read/write or read only.
    11. Click submit

You can now use this login/password for API call.

 

oguimard_0-1678959250029.png  

oguimard_1-1678959271270.png

oguimard_2-1678959520817.png

 

 

API Key

To access the API with an API Key you need to create it and defined all the technical information.

  • admin or user api key
  • repository and profile to connect to.

Once you will have defined this information the system will give you the API key. this API Key can be valid for all time or have a validity period.

 

Security

The API Key generate does not contains any information that can be decrypted or decoded. 

 

Use case

It is recommended Authentication methods whenever possible. It is ideal when scripting, when developing external app or when doing integration with external tools.

 

How to use it

  • For instance, in Postman when calling the API choose "API Key" and fill-in the API Key value.
    • Key:      x-api-key
    • Value : xxxxxxxxx 

Now you can make call to any endpoint.

 

oguimard_0-1678960174274.png

 

  • For instance, in a script in curl add the header x-api-key and pass the value of the API Key.

 

 

 

curl --location 'https://w-ogd/HOPEXGraphQL/api/ITPM' \
--header 'x-api-key: 5snybEHxGR8uTRAks2ySEgYs8t82rQ6KqkrcEsp9srw737WmPZcJvpk1gNctBCjVQZvBwrryaFzJkHk61Q1eFJex' \
--header 'Content-Type: application/json' \
--data '{"query":"query\n{\n  application\n  {\n    id\n    name\n  }\n}","variables":{}}'

 

 

 

How to enable it

You need to create a dedicated API Key within the HAS console to be able to use it in API Call. This API Key can be :

  • Admin API Key.
  • HOPEX user that connects with a profile.

 

Process step :

  1. Connect to HAS Console
  2. Click the menu Modules >> Authentication
  3. Click API Keys
  4. Click "Create"
  5. Fill in the information
    1. Name : for you to remember what this API key will be used for
    2. Expiration date : if you want to limit the validity period of this API Key
    3. Description : for you to remember what this API key will be used for
    4. Select the Role : Administrator or Custom
    5. Select if you allow to open a session on a specific repository and profile
    6. Give the login of the HOPEX user
    7. Select the environment (there should be only one)
    8. Select the repository (if more than one)
    9. Select the profile (if more than one)
    10. Selection the session mode : multi or single
    11. Select the connection mode : read/write or read only.
    12. Click submit
    13. Copy/paste the API Key and save it for later use

You can now use this login/password for API call.

 

Caution : 

  • the API key will appear on the screen only once so keep it !
  • there is no mean to regenerate the API key. You will have to reset all the parameters to create a new one.
  • the API cannot be displayed later to get it again

 

oguimard_0-1678960544106.png

 

oguimard_1-1678960704044.png

 

oguimard_0-1678961190979.png

 

Mode Multi or Single

 

This mode will change the behaviour in the back-end to process the request. When to choose which one :

 

Multi : for all purposes where you need responsiveness in the API calls.

  • Benefit : you benefit from caches, ready to use process to respond your query
  • Inconvenient : not adapted to static website generation

Single : for heavy computing treatment. Ideal for heavy batch or static website generation

  • Benefit : you benefit from dedicated process. Adapted to heavy computation that will need several minutes/hours to responds.
  • Inconvenient : take time to response so.

 

 

 

 

28 Replies

trkkaradag
MEGA Partner
MEGA Partner

Hi Olivier,

 

Is there an environment and collection according to v5 to use in postman?

 

Tnx

 

Tnx

 

 

 

trkkaradag
MEGA Partner
MEGA Partner

Hi Olivier,

 

Thank you for the information. 
I see environment as empty. 

trkkaradag_0-1679316813640.png


(For V4 you previously had an environment named "Sample.postman_environment")

 

Kind Regards

 

trkkaradag
MEGA Partner
MEGA Partner

Hi Olivier,

 

When we wrote https://xxx/hopexgraphql in Hopex V4, the graphql page was opening. I'm trying to understand what's the difference in v5

 

Kind Regards

I have added the sample as before

 

oguimard_0-1679483094856.png

 

pgunna
Super Contributor

I have the same issue, how did you resolve the graphql URL issue

@pgunna Can you please explain more you problem ?

pgunna
Super Contributor

We are migrating from Hopex v4 cp7 to V5, we are using Graph QL API in v4. After V5 upgrade, we are able to login to web client but Graph QL API is not working. Create user and password per the documentation in admin console, copied the custom json.   Basic Auth and API keys are both failing..

Let's not mix the problem :

  • Step 1 : make it work on standard schema
  • Step 2 : you'll test on your custom schema.

Saying it's not working is unclear.

  • Share Some screenshot with error message ?
  • Share how you have created the user ? 
  • Share the logs...