Forum Discussion

vaishnavi's avatar
vaishnavi
Expert
9 years ago

Endpoint rest call with restapi.session_key not taking user privillages

Hi,

I have created a custom endpoint.

I want to make REST calls on befalh of a specific user.

 

Below are the key REST calls in endpoint :-

 

1. Get session key for the user - 

<#assign session_key = rest("/authentication/sessions/login?user.login=<user_login>&user.password=<user_pwd>").value?string />

 

2. Pass the session key in subsequent REST calls - 

<#assign allowed = rest("/categories/id/${catId}/view/allowed?restapi.session_key=${session_key}").value?string />

 

I am getting different response when I hit the endpoint URL in browser for anonymous user and logged in user.

Its still taking context user and not the privileges from the session_key.

I am assuming it should return same response as it should take user session_key previlages.

 

Any pointers would help.

 

Thanks,

Vaishnavi

1 Reply

  • ChiaraS's avatar
    ChiaraS
    Lithium Alumni (Retired)
    9 years ago

    Try to pass the session_key parameter as part of the endpoint url directly, that should work. It means you will have to handle the rest authentication call not from within the endpoint, get the session key and invoke the endpoint at that point.

    In the endpoint code you then directly invoke the rest call for categories, without any session_key parameter.