Forum Discussion

octavian_krody's avatar
octavian_krody
Guide
3 years ago

How to authenticate rest api calls using technical users for server to server use (SSO enabled)?

Hello, Been reading the docs and for a community with SSO enabled we've seen 3 means of achieving rest api access. OAuth 2.0 authorization grant flow To make a fully-automated server-to-server ...
Rest API
  • MohammedSh's avatar
    MohammedSh
    3 years ago

    octavian_krody, In this case you can use the session key based approach as you want to write/permission based access.

     

    It is okay for two types to exist simultaneously, but that user can only use the API as the default auth pages are blocked when SSO is enabled.

octavian_krody's avatar
octavian_krody
Guide
3 years ago

MohammedSh 

I see, Well having an api integration with read only access for which I suppose it doesn't have "role / scope" restriction would imply being able to read only public data, no hidden groups etc. which is not helpful as we need write / permission based access (e.g. use case integrating, company wide, account deletion)

One more quick question though.

I see that assigning a password through the UI to a SSO enabled community is not a thing, but creating a user through the api with a password is allowed, does having a password based user on an SSO community impact any features? is it ok for the two types to exist simultaneously?

  • MohammedSh's avatar
    MohammedSh
    Moderator
    3 years ago

    octavian_krody, In this case you can use the session key based approach as you want to write/permission based access.

     

    It is okay for two types to exist simultaneously, but that user can only use the API as the default auth pages are blocked when SSO is enabled.