This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Basic Auth vs API Key (HOPEX V5 and forward)

Go to solution
oguimard
Retired

‎16-03-2023 10:39 AM - edited ‎16-03-2023 11:28 AM

Starting from HOPEX V5 the method for authentication for API has evolved.

  1. With a Basic Auth.
  2. With an API Key (preferred choice)

 

Former Bearer Token is not available in V5. Oauth2 Authentication is not supported for the moment for API calls.

 

Depending on the use case you want to use the API you may use one or the other authentication method. Regardless of the chosen authentication methods the others headers and body information will remain the same.

 

Basic Auth

 

The basis Auth allow you to access the API directly with credentials : loing/password.

 

How to use it

  • For instance, in Postman when calling the API choose "Basic Auth" and fill-in the user password. The information will be encoded with Base64 to avoid to be readable when sent. 

basicAuth.png

 

  • For instance, in a script in curl add the header Authorization: Basic and pass the encoded value of the login and password.

 

 

 

curl --location --request POST 'httpx://www.myserver.com/HOPEXGraphQL/api/ITPM' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic V2Vic2VydmljZTpIb3BleA==' \
--data-raw '{"query":"query {\n    application {\n        id\n        name\n        cloudComputing\n    }\n}","variables":{}}'

 

 

 

 

This authentication method is useful when you need to check identity and get the data with a login/password logic. It is nonetheless less secure than an API Key.

 

How to enable it

You need to create a dedicated User/Password within the HAS console to be able to use it in API Call. This user can be :

  • Admin user.
  • HOPEX user that connects with a profile.

 

Process step :

  1. Connect to HAS Console
  2. Click the menu Modules >> Authentication
  3. Click "User accounts"
  4. Click "Create"
  5. Fill in the form
    1. Give a login to you user
    2. Give a password or generate one
    3. Select the Role : Administrator or Custom
    4. Select if you allow to open a session on a specific repository and profile
    5. Give the login of the HOPEX user
    6. Select the environment (there should be only one)
    7. Select the repository (if more than one)
    8. Select the profile (if more than one)
    9. Selection the session mode : multi or single (see below for more detail on what to chose)
    10. Select the connection mode : read/write or read only.
    11. Click submit

You can now use this login/password for API call.

 

oguimard_0-1678959250029.png  

oguimard_1-1678959271270.png

oguimard_2-1678959520817.png

 

 

API Key

To access the API with an API Key you need to create it and defined all the technical information.

  • admin or user api key
  • repository and profile to connect to.

Once you will have defined this information the system will give you the API key. this API Key can be valid for all time or have a validity period.

 

Security

The API Key generate does not contains any information that can be decrypted or decoded. 

 

Use case

It is recommended Authentication methods whenever possible. It is ideal when scripting, when developing external app or when doing integration with external tools.

 

How to use it

  • For instance, in Postman when calling the API choose "API Key" and fill-in the API Key value.
    • Key:      x-api-key
    • Value : xxxxxxxxx 

Now you can make call to any endpoint.

 

oguimard_0-1678960174274.png

 

  • For instance, in a script in curl add the header x-api-key and pass the value of the API Key.

 

 

 

curl --location 'https://w-ogd/HOPEXGraphQL/api/ITPM' \
--header 'x-api-key: 5snybEHxGR8uTRAks2ySEgYs8t82rQ6KqkrcEsp9srw737WmPZcJvpk1gNctBCjVQZvBwrryaFzJkHk61Q1eFJex' \
--header 'Content-Type: application/json' \
--data '{"query":"query\n{\n  application\n  {\n    id\n    name\n  }\n}","variables":{}}'

 

 

 

How to enable it

You need to create a dedicated API Key within the HAS console to be able to use it in API Call. This API Key can be :

  • Admin API Key.
  • HOPEX user that connects with a profile.

 

Process step :

  1. Connect to HAS Console
  2. Click the menu Modules >> Authentication
  3. Click API Keys
  4. Click "Create"
  5. Fill in the information
    1. Name : for you to remember what this API key will be used for
    2. Expiration date : if you want to limit the validity period of this API Key
    3. Description : for you to remember what this API key will be used for
    4. Select the Role : Administrator or Custom
    5. Select if you allow to open a session on a specific repository and profile
    6. Give the login of the HOPEX user
    7. Select the environment (there should be only one)
    8. Select the repository (if more than one)
    9. Select the profile (if more than one)
    10. Selection the session mode : multi or single
    11. Select the connection mode : read/write or read only.
    12. Click submit
    13. Copy/paste the API Key and save it for later use

You can now use this login/password for API call.

 

Caution : 

  • the API key will appear on the screen only once so keep it !
  • there is no mean to regenerate the API key. You will have to reset all the parameters to create a new one.
  • the API cannot be displayed later to get it again

 

oguimard_0-1678960544106.png

 

oguimard_1-1678960704044.png

 

oguimard_0-1678961190979.png

 

Mode Multi or Single

 

This mode will change the behaviour in the back-end to process the request. When to choose which one :

 

Multi : for all purposes where you need responsiveness in the API calls.

  • Benefit : you benefit from caches, ready to use process to respond your query
  • Inconvenient : not adapted to static website generation

Single : for heavy computing treatment. Ideal for heavy batch or static website generation

  • Benefit : you benefit from dedicated process. Adapted to heavy computation that will need several minutes/hours to responds.
  • Inconvenient : take time to response so.

 

 

 

 

28 Replies

Go to solution
rsutcliffe
MEGA
MEGA
In response to pgunna

‎09-08-2023 04:19 PM

Hello @pgunna ,

 

The Expiration date has no effect on the session timeout. Expiration Date will cause the created API key to stop working after the input date. Sessions can be created and closed at any point during that time window.

Any open session has a time limit of x-minutes (20 by default, can be set in options). If this option is changed, it will affect all sessions. 

https://doc.mega.com/hopex-v5-en/#page/SUPW/Gerer_les_options_Web.Options_Overview.html#ww1305764

I hope that this helps.

 

Kind regards,

Ryan

0 Likes

Go to solution
pgunna
Super Contributor

‎09-08-2023 03:22 AM

When we don't specify Expiration date for API Key, how long does the session (Instance) stays active?  We are using API Key to connect to Hopex, we are running into issues with high CPU utilization on the session that uses API Key to connect on some days.  When does the session expire or timeout if there is no expiration date specified.

0 Likes

Go to solution
pgunna
Super Contributor
In response to rsutcliffe

‎02-06-2023 04:14 PM

URL shows not valid with or without the port, I am not sure what should be the correct URL and I don't see hopexgraphql web.config in the .shadowfiles on the HAS server under port 5000.  I can see these modules on the HAS console, RestAPI, Graph QL show as ready.

http://ddddd0.hosts.cloud.ford.com:5000/hopexgraphql/home/index/ITPM

http://XXXXXX.hosts.cloud.ford.com:5000/hopexgraphql/home/index/ITPM

http://XXXXXX.hosts.cloud.ford.com/hopexgraphql/home/index/ITPM

http://XXXXXXX.hosts.cloud.ford.com/hopexgraphql/api/itpm

 

0 Likes

Go to solution
pgunna
Super Contributor
In response to trkkaradag

‎02-06-2023 04:07 PM

Under which folder on the HAS server is the web.config located that would contain the environment id, repository, webservice id.   The environment ID and repository ID, profile and user are correct on the database. 

0 Likes

Go to solution
rsutcliffe
MEGA
MEGA
In response to pgunna

‎02-06-2023 02:48 PM

@pgunna 

 

Try the query without the port number, I do not think it is needed.

 

Hope that helps.

 

Kind regards,

Ryan

0 Likes

Go to solution
trkkaradag
MEGA Partner
MEGA Partner
In response to pgunna

‎02-06-2023 08:35 AM

Hi,

I see "415 Unsupported Media Type" error in your first screenshot.  Could you please check the parameters you set for the environment again?

0 Likes

Go to solution
oguimard
Retired
In response to pgunna

‎01-06-2023 05:20 PM

It will be difficult to help over the forums. You should get in contact with MEGA Professional services to see more in details.

0 Likes

Go to solution
pgunna
Super Contributor
In response to oguimard

‎01-06-2023 05:18 PM

Before I click on save, I see person, profile and repository. But once I save when i open it, those 3 values are not there any more. I tried creating a new user but I still see the same scenarioGraphql_6.PNG

0 Likes

Go to solution
oguimard
Retired
In response to pgunna

‎01-06-2023 03:05 PM

You did not get my point you should not see "Person" drop down". Because you see it it tells me your HOPEX user is not properly configure. Create a new one and adjust it's configuration

0 Likes

Go to solution
pgunna
Super Contributor

‎01-06-2023 03:03 PM

I am not sure why person and profile are empty, I had selected contributor profile when I created this. In V4 on the server there is a web.config that has the schedule, web services user and password.  Where is the web.config for GraphQL that includes the standard graphql modules.

0 Likes
MEGA International © 1994 - 2024. All rights reserved