
Basic Auth vs API Key (HOPEX V5 and forward)

oguimard
Retired

Starting from HOPEX V5, the method of authentication for the API has evolved.

  1. With a Basic Auth.
  2. With an API Key (preferred choice)

 

The former Bearer Token is not available in V5. OAuth2 authentication is not supported for the moment for API calls.

 

Depending on your use case for the API, you may use one or the other authentication method. Regardless of the chosen authentication method, the other headers and the body information remain the same.

 

Basic Auth

 

Basic Auth allows you to access the API directly with credentials: login/password.

 

How to use it

  • For instance, in Postman when calling the API, choose "Basic Auth" and fill in the user/password. The information will be encoded with Base64 to avoid being readable when sent.


 

  • For instance, in a curl script, add the header Authorization: Basic and pass the encoded value of the login and password.

 

 

 

curl --location --request POST 'https://www.myserver.com/HOPEXGraphQL/api/ITPM' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic V2Vic2VydmljZTpIb3BleA==' \
--data-raw '{"query":"query {\n    application {\n        id\n        name\n        cloudComputing\n    }\n}","variables":{}}'

 

 

 

 

This authentication method is useful when you need to check identity and get the data with a login/password logic. It is nonetheless less secure than an API Key.

 

How to enable it

You need to create a dedicated user/password within the HAS console to be able to use it in API calls. This user can be:

  • Admin user.
  • HOPEX user that connects with a profile.

 

Process steps:

  1. Connect to HAS Console
  2. Click the menu Modules >> Authentication
  3. Click "User accounts"
  4. Click "Create"
  5. Fill in the form
    1. Give a login to your user
    2. Give a password or generate one
    3. Select the Role: Administrator or Custom
    4. Select if you allow to open a session on a specific repository and profile
    5. Give the login of the HOPEX user
    6. Select the environment (there should be only one)
    7. Select the repository (if more than one)
    8. Select the profile (if more than one)
    9. Select the session mode: multi or single (see below for more detail on what to choose)
    10. Select the connection mode: read/write or read only.
    11. Click submit

You can now use this login/password for API calls.

 


 

 

API Key

To access the API with an API Key, you need to create it and define all the technical information:

  • admin or user api key
  • repository and profile to connect to.

Once you have defined this information, the system will give you the API Key. This API Key can be valid for all time or have a validity period.

 

Security

The generated API Key does not contain any information that can be decrypted or decoded.

 

Use case

It is the recommended authentication method whenever possible. It is ideal when scripting, when developing an external app, or when integrating with external tools.

 

How to use it

  • For instance, in Postman when calling the API, choose "API Key" and fill in the API Key value.
    • Key: x-api-key
    • Value: xxxxxxxxx

Now you can make calls to any endpoint.

 


 

  • For instance, in a curl script, add the header x-api-key and pass the value of the API Key.

 

 

 

curl --location 'https://w-ogd/HOPEXGraphQL/api/ITPM' \
--header 'x-api-key: 5snybEHxGR8uTRAks2ySEgYs8t82rQ6KqkrcEsp9srw737WmPZcJvpk1gNctBCjVQZvBwrryaFzJkHk61Q1eFJex' \
--header 'Content-Type: application/json' \
--data '{"query":"query\n{\n  application\n  {\n    id\n    name\n  }\n}","variables":{}}'

 

 

 

How to enable it

You need to create a dedicated API Key within the HAS console to be able to use it in API calls. This API Key can be:

  • Admin API Key.
  • HOPEX user that connects with a profile.

 

Process steps:

  1. Connect to HAS Console
  2. Click the menu Modules >> Authentication
  3. Click API Keys
  4. Click "Create"
  5. Fill in the information
    1. Name: for you to remember what this API Key will be used for
    2. Expiration date: if you want to limit the validity period of this API Key
    3. Description: for you to remember what this API Key will be used for
    4. Select the Role: Administrator or Custom
    5. Select if you allow to open a session on a specific repository and profile
    6. Give the login of the HOPEX user
    7. Select the environment (there should be only one)
    8. Select the repository (if more than one)
    9. Select the profile (if more than one)
    10. Select the session mode: multi or single
    11. Select the connection mode: read/write or read only.
    12. Click submit
    13. Copy/paste the API Key and save it for later use

You can now use this API Key for API calls.

 

Caution:

  • The API Key will appear on the screen only once, so keep it!
  • There is no means to regenerate the API Key. You will have to reset all the parameters to create a new one.
  • The API Key cannot be displayed later to get it again.

 


 

Mode Multi or Single

 

This mode changes how the back end processes the request. When to choose which one:

 

Multi : for all purposes where you need responsiveness in the API calls.

  • Benefit: you benefit from caches and ready-to-use processes to respond to your query.
  • Drawback: not suited to static website generation.

Single: for heavy computation. Ideal for heavy batch or static website generation.

  • Benefit: you benefit from a dedicated process. Suited to heavy computation that will need several minutes/hours to respond.
  • Drawback: takes time to respond.
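
As an added example (not code from the original post or from the HOPEX product), this Python sketch builds the two header styles described in the Basic Auth and API Key sections and shows that the Basic value is only Base64-encoded, so either credential relies on HTTPS for confidentiality in transit. The function names are illustrative assumptions; the header value and URL are the ones from the post's Basic Auth curl example.

```python
import base64
import json
from urllib.parse import urlsplit
from urllib.request import Request

# Header value copied from the Basic Auth curl example in the post.
PAGE_BASIC_HEADER = "Basic V2Vic2VydmljZTpIb3BleA=="


def basic_auth_header(login, password):
    """Build the Authorization value: 'Basic ' + base64(login:password)."""
    raw = f"{login}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_auth(value):
    """Reverse the encoding; no key or secret is needed to do so."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization value")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    login, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' between login and password")
    return login, password


def build_request(url, query, *, api_key=None, login=None, password=None):
    """Prepare a GraphQL POST; the API key wins when both kinds are given."""
    if urlsplit(url).scheme != "https":
        # Either credential is readable on the wire without TLS.
        raise ValueError("refusing to attach credentials to a non-HTTPS URL")
    headers = {"Content-Type": "application/json"}
    if api_key:
        headers["x-api-key"] = api_key
    elif login and password is not None:
        headers["Authorization"] = basic_auth_header(login, password)
    else:
        raise ValueError("no credential supplied")
    body = json.dumps({"query": query, "variables": {}}).encode("utf-8")
    return Request(url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    print(decode_basic_auth(PAGE_BASIC_HEADER))
    req = build_request("https://www.myserver.com/HOPEXGraphQL/api/ITPM",
                        "query { application { id name } }",
                        api_key="CONSTRUCTED-PLACEHOLDER-KEY")  # constructed value
    print(req.full_url, sorted(req.headers))
```

Pass the returned Request to urllib.request.urlopen to send it; in a real script, read the API Key or password from a secret store or environment variable rather than the source file.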

 

 

 

 

28 Replies

This is why it is not working :

  • all fields are mandatory
  • You cannot use a user that is configured to be part of a group or to be SSO/LDAP user.

pgunna
Super Contributor

Graphql_5.PNG

You are missing the main screenshot. I need this one:

oguimard_0-1685604710939.png

 

What value did you choose ?

pgunna
Super Contributor

All the above are the screenshots from our install

pgunna
Super Contributor

yes, I am able to connect to hopex with this user

pgunna
Super Contributor

Hi Oliveria,

Attached are the steps followed and the screenshot of the error.

Graphql_4.PNG Graphql_3.PNG Graphql_2.PNG Graphql_1.PNG

I need the screenshot of the creation, not this list. Moreover, does this user work when you connect to HOPEX?

pgunna
Super Contributor

We created a user, and tried basic authentication in Postman

aa755b43-96c4-49f1-8da2-2954f338f6e9.PNG

pgunna
Super Contributor

useraccount_creation.PNG

Let's not mix the problem :

  • Step 1 : make it work on standard schema
  • Step 2 : you'll test on your custom schema.

Saying it's not working is unclear.

  • Share some screenshots with the error message?
  • Share how you have created the user?
  • Share the logs...