Forum Discussion

Contributor

10 years ago

How to use the REST API securely

Hi, I'm using the REST API v1 to retrieve a blog post using the api session keys. Currently my community uses http to access the REST api and I'm concerned on how I'm retrieving the token. I don't ha...

DougS
10 years ago
You should be able to have your community configured so that you can make the /sessions/login call over HTTPS. If it's not already configured to do so, I would recommend filing a support case to have it set up.

DougS

Khoros Oracle

You should be able to have your community configured so that you can make the /sessions/login call over HTTPS. If it's not already configured to do so, I would recommend filing a support case to have it set up.

PaoloT

Lithium Alumni (Retired)

10 years ago

If setting up SSL is a problem (it shouldn't be...) you should also be able to proxy your call trough an endpoint.

Web Page calls Lithium Endpoint
Code in Lithium Endpoint verifies who the logged user is (or any other required checks) and then retrieves the content (could be via restadmin)

Of course - the feasibility of this approach depends on what kind of checks you need to perform to serve the content, and you should also avoid creating a "backdoor" that someone could exploit to retrieve content they are not meant to see.

Forum Discussion

How to use the REST API securely

Related Content

Rest API Outside Community

Community REST-API: Get all tags available

Stop Click-jacking Security

[REST API] Problem to sort messages

JAVA SDK for calling Khoros Rest APIS

Recent Discussions

API v1 docs gone since Atlas migration to Aurora

Does anyone know how to change the display title of Custom Fields in Aurora?

Can someone walk me through authenticating and using Postman with Aurora?

Seeking Advice on Restricting Access to a posts to those who have the permalink.

TinyMceEditor is undefined