
Basic Auth vs API Key (HOPEX V5 and forward)


Starting with HOPEX V5, authentication for the API has evolved. You can authenticate:

  1. With Basic Auth.
  2. With an API Key (preferred choice).


The former Bearer Token is not available in V5. OAuth2 authentication is not supported for the moment for API calls.


Depending on your use case for the API, you may use one or the other authentication method. Regardless of the chosen authentication method, the other headers and the body will remain the same.


Basic Auth


Basic Auth allows you to access the API directly with credentials: login/password.


How to use it

  • For instance, in Postman, when calling the API choose "Basic Auth" and fill in the user/password. The information will be encoded with Base64 so that it is not readable when sent.

  • For instance, in a curl script, add the header Authorization: Basic and pass the encoded value of the login and password.




curl --location --request POST 'httpx://' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic V2Vic2VydmljZTpIb3BleA==' \
--data-raw '{"query":"query {\n    application {\n        id\n        name\n        cloudComputing\n    }\n}","variables":{}}'





This authentication method is useful when you need to check identity and get the data with a login/password logic. It is nonetheless less secure than an API Key.


How to enable it

You need to create a dedicated user/password within the HAS console to be able to use it in API calls. This user can be:

  • Admin user.
  • HOPEX user that connects with a profile.


Process steps:

  1. Connect to HAS Console
  2. Click the menu Modules >> Authentication
  3. Click "User accounts"
  4. Click "Create"
  5. Fill in the form
    1. Give a login to your user
    2. Give a password or generate one
    3. Select the Role: Administrator or Custom
    4. Select whether you allow opening a session on a specific repository and profile
    5. Give the login of the HOPEX user
    6. Select the environment (there should be only one)
    7. Select the repository (if more than one)
    8. Select the profile (if more than one)
    9. Select the session mode: multi or single (see below for more detail on what to choose)
    10. Select the connection mode: read/write or read only.
    11. Click submit

You can now use this login/password for API calls.








API Key


To access the API with an API Key, you need to create it and define all the technical information:

  • admin or user API key
  • repository and profile to connect to.

Once you have defined this information, the system will give you the API Key. This API Key can be valid indefinitely or have a validity period.



The generated API Key does not contain any information that can be decrypted or decoded.


Use case

It is the recommended authentication method whenever possible. It is ideal when scripting, when developing an external app, or when integrating with external tools.


How to use it

  • For instance, in Postman, when calling the API choose "API Key" and fill in the API Key value.
    • Key: x-api-key
    • Value: xxxxxxxxx

Now you can make calls to any endpoint.




  • For instance, in a curl script, add the header x-api-key and pass the value of the API Key.




curl --location 'https://w-ogd/HOPEXGraphQL/api/ITPM' \
--header 'x-api-key: 5snybEHxGR8uTRAks2ySEgYs8t82rQ6KqkrcEsp9srw737WmPZcJvpk1gNctBCjVQZvBwrryaFzJkHk61Q1eFJex' \
--header 'Content-Type: application/json' \
--data '{"query":"query\n{\n  application\n  {\n    id\n    name\n  }\n}","variables":{}}'




How to enable it

You need to create a dedicated API Key within the HAS console to be able to use it in API calls. This API Key can be:

  • Admin API Key.
  • HOPEX user that connects with a profile.


Process steps:

  1. Connect to HAS Console
  2. Click the menu Modules >> Authentication
  3. Click API Keys
  4. Click "Create"
  5. Fill in the information
    1. Name: for you to remember what this API key will be used for
    2. Expiration date: if you want to limit the validity period of this API Key
    3. Description: for you to remember what this API key will be used for
    4. Select the Role: Administrator or Custom
    5. Select whether you allow opening a session on a specific repository and profile
    6. Give the login of the HOPEX user
    7. Select the environment (there should be only one)
    8. Select the repository (if more than one)
    9. Select the profile (if more than one)
    10. Select the session mode: multi or single
    11. Select the connection mode: read/write or read only.
    12. Click submit
    13. Copy/paste the API Key and save it for later use

You can now use this login/password for API calls.


Caution:

  • the API key will appear on the screen only once, so keep it!
  • there is no means to regenerate the API key. You will have to reset all the parameters to create a new one.
  • the API key cannot be displayed later to get it again








Mode Multi or Single


This mode changes how the back-end processes the request. When to choose which one:


Multi: for all purposes where you need responsiveness in the API calls.

  • Benefit: you benefit from caches and ready-to-use processes to respond to your query
  • Drawback: not adapted to static website generation

Single: for heavy computation. Ideal for heavy batch or static website generation

  • Benefit: you benefit from a dedicated process. Adapted to heavy computation that will need several minutes/hours to respond.
  • Drawback: takes time to respond.
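
Both methods in this article place a secret in a request header: the Basic value is only Base64, which anyone who sees the header can reverse (the sample header in the first curl command decodes straight back to its login:password pair), and the x-api-key value is the credential itself. The script below is an added example, not part of the original article or of HOPEX; it refuses non-HTTPS endpoints and hands the key to curl through `--config -` instead of the command line. `HOPEX_URL`, `HOPEX_API_KEY` and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: handling the two HOPEX credential headers in a script.
# HOPEX_URL and HOPEX_API_KEY are assumed environment variables, not HOPEX names.

# Decode the value that follows "Authorization: Basic ". Base64 is reversible
# by anyone who can see the header; it adds no confidentiality on its own.
basic_auth_decode() {
    printf '%s' "$1" | base64 --decode
}

# Both methods send a secret in a header, so refuse endpoints without TLS.
require_https() {
    case "$1" in
        https://?*) return 0 ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
    esac
}

# Emit a curl config on stdout. Feeding it to "curl --config -" keeps the key
# out of the process argument list and out of shell history.
# Assumes the key contains no double quote or backslash.
hopex_curl_config() {
    [ -n "${HOPEX_API_KEY:-}" ] || { echo "HOPEX_API_KEY is not set" >&2; return 1; }
    printf 'header = "x-api-key: %s"\n' "$HOPEX_API_KEY"
    printf 'header = "Content-Type: application/json"\n'
}

# POST a GraphQL body (a JSON string) to the endpoint named in HOPEX_URL.
hopex_query() {
    require_https "${HOPEX_URL:-}" || return 1
    cfg=$(hopex_curl_config) || return 1
    printf '%s\n' "$cfg" | curl --silent --show-error --fail \
        --config - --data "$1" "$HOPEX_URL"
}

# Usage (needs a reachable server; host and key are placeholders):
#   HOPEX_URL='https://<your-host>/HOPEXGraphQL/api/ITPM' HOPEX_API_KEY='<key>' \
#     hopex_query '{"query":"query { application { id name } }","variables":{}}'
```
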





28 Replies

Hello @pgunna ,


The Expiration date has no effect on the session timeout. Expiration Date will cause the created API key to stop working after the input date. Sessions can be created and closed at any point during that time window.

Any open session has a time limit of x-minutes (20 by default, can be set in options). If this option is changed, it will affect all sessions.

I hope that this helps.


Kind regards,


Super Contributor

When we don't specify an Expiration date for the API Key, how long does the session (Instance) stay active? We are using an API Key to connect to Hopex, and we are running into issues with high CPU utilization on the session that uses the API Key to connect on some days. When does the session expire or time out if there is no expiration date specified?

Super Contributor

URL shows not valid with or without the port, I am not sure what should be the correct URL and I don't see hopexgraphql web.config in the .shadowfiles on the HAS server under port 5000.  I can see these modules on the HAS console, RestAPI, Graph QL show as ready.


Super Contributor

Under which folder on the HAS server is the web.config located that would contain the environment id, repository, webservice id? The environment ID and repository ID, profile and user are correct on the database.



Try the query without the port number, I do not think it is needed.


Hope that helps.


Kind regards,



I see "415 Unsupported Media Type" error in your first screenshot.  Could you please check the parameters you set for the environment again?

It will be difficult to help over the forums. You should get in contact with MEGA Professional services to look at this in more detail.

Super Contributor

Before I click on save, I see person, profile and repository. But once I save, when I open it, those 3 values are not there any more. I tried creating a new user but I still see the same scenario.

You did not get my point: you should not see the "Person" drop-down. Because you see it, it tells me your HOPEX user is not properly configured. Create a new one and adjust its configuration.

Super Contributor

I am not sure why person and profile are empty; I had selected the contributor profile when I created this. In V4 on the server there is a web.config that has the schedule, web services user and password. Where is the web.config for GraphQL that includes the standard graphql modules?