I have a REST-based service which is deployed on multiple machines. From this service I would like to retrieve messages from the community via the Lithium API based on a pre-defined message id. The response should be in JSON format. I want to know if there is a way to access Lithium from my service without any manual sign-in/intervention. Ideally whatever handshake is required between my service and Lithium should be established once (or automatically re-established if there is a session expiry). I was also told by the Lithium technical support that the SSO option is ruled out for me since I am on OAuth2. What is the best approach for my use case?
You have several options for making a REST API call to get data from your community. First, for some data, depending on how you set up the permissions in your community, you may be able to make a REST call without authenticating. Next, depending on whether you are using version 1 or version 2 of the Lithium REST API for your community, you have different options for authenticating. The REST v1 documentation for authentication explains the different options you have pretty well. If you have any questions about authenticating to the API after reading that documentation, please post them here.
Both REST v1 and v2 calls can be returned as JSON. REST v2 returns JSON by default. To have REST v1 calls return JSON, you need to add the restapi.response_format=json query parameter.
As VarunGrazitti mentioned, you could use an endpoint to get the data you want -- that's a good way to combine REST calls to return just the data you need if a REST v1 or REST v2 call does not provide you with all of the data you need and you would otherwise need to make multiple REST calls. You can use a REST v1 API Session Key to authenticate to endpoints. If you have an API-specific user this could prove a useful way to programmatically authenticate to endpoints in your community.
That page about authentication, while part of the REST v1 documentation, does touch on Authentication for REST v2 (v2 authentication over HTTP requires you to use OAuth 2.0 and it links out to OAuth 2.0 documentation in another article).
We are working towards making OAuth 2.0 the standard and I encourage people to try it out if they can. However, we currently only support the "Authorization Grant" flow and that does not always mesh with specific API use-cases (it requires a web browser to sign into the community to get authorized).
The /authentication/sessions/login call, and the REST v1 Session key it returns will only work for REST v1 (REST v2 requires OAuth. You can make authenticated REST v1 and REST v2 calls using OAuth).
If you want to use only REST v1, you can use the /authentication/sessions/login call. If you do that, since you are not using Lithium SSO, you will not be able to use the sso.authentication_token parameter, as that requires a Lithium SSO token as the value. You may want to create a non-SSO API account to make your REST v1 calls with. If you do that, then you will pass that account's login and password to the /authentication/sessions/login call as the values of the user.login and user.password parameters.
You can also use the REST v1 Session Key you get back from the result of the /authentication/sessions/login call to authenticate when you call an endpoint. You can combine REST v1 and REST v2 calls in your endpoint (or use one or the other).
You can make REST v1 or REST v2 calls without an OAuth 2.0 Access token, or a REST v1 call without a REST v1 session key and you will be making the call as an anonymous user. Provided you have granted the appropriate default permissions through the Lithium Admin, the calls you make as an anonymous user will return results (but will exclude any results that default permissions do not allow anonymous users to see).
I hope that answers your questions, and understand if any of it is confusing - please ask additional questions for clarification if you have them.
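As an added example (not code from this thread, from Lithium, or from the poster): a minimal Python client that does what the answer above describes for a service that must run unattended. It logs in once with user.login/user.password against /authentication/sessions/login, keeps the returned REST v1 session key, fetches a message by id with restapi.response_format=json, and re-establishes the session once if the key is rejected, so no one has to sign in by hand. The base path /restapi/vc, the /messages/id/{id} resource, the restapi.session_key parameter, the JSON envelope with "$" values, and the numeric error codes are assumptions made for the example, not facts from the thread; check them against the REST v1 documentation. FakeLithium is a constructed stand-in for a community so the example runs offline, and its accounts and messages are made up.

```python
import json
from typing import Callable, Dict, Optional

# Transport signature: (method, url, query params) -> raw response body.
# Plug in requests/urllib over HTTPS in production; FakeLithium below is for offline use.
Transport = Callable[[str, str, Dict[str, str]], str]


class LithiumError(Exception):
    """Raised when the REST v1 envelope reports status != 'success'."""

    def __init__(self, code: Optional[int], message: str) -> None:
        super().__init__(f"{code}: {message}")
        self.code = code
        self.message = message


# ASSUMPTION: error code the community returns for a rejected/expired session key.
SESSION_ERROR_CODES = frozenset({302})


class LithiumV1Client:
    def __init__(self, base_url: str, transport: Transport,
                 login: Optional[str] = None, password: Optional[str] = None) -> None:
        self.base_url = base_url.rstrip("/")      # e.g. https://community.example.com/restapi/vc (assumed)
        self.transport = transport
        self._login = login                       # None => anonymous client
        self._password = password                 # load from a secret store; never log it
        self._session_key: Optional[str] = None
        self.login_count = 0                      # exposed so callers can see re-logins

    def _call(self, method: str, path: str, params: Dict[str, str]) -> dict:
        params = dict(params, **{"restapi.response_format": "json"})   # v1 needs this for JSON
        resp = json.loads(self.transport(method, self.base_url + path, params))["response"]
        if resp.get("status") != "success":
            err = resp.get("error", {})
            raise LithiumError(err.get("code"), err.get("message", "unknown error"))
        return resp

    def login(self) -> str:
        if self._login is None:
            raise LithiumError(None, "no API account configured (anonymous client)")
        resp = self._call("POST", "/authentication/sessions/login",
                          {"user.login": self._login, "user.password": self._password})
        self._session_key = resp["value"]["$"]    # ASSUMED envelope: {"value": {"type": "string", "$": KEY}}
        self.login_count += 1
        return self._session_key

    def get_message(self, message_id: int) -> dict:
        path = f"/messages/id/{message_id}"       # ASSUMED v1 resource
        if self._login is None:                   # anonymous: default permissions decide what comes back
            return self._call("GET", path, {})["message"]
        if self._session_key is None:
            self.login()
        try:
            return self._call("GET", path, {"restapi.session_key": self._session_key})["message"]
        except LithiumError as exc:
            if exc.code not in SESSION_ERROR_CODES:
                raise
            self.login()                          # session expired server-side: re-establish once, retry once
            return self._call("GET", path, {"restapi.session_key": self._session_key})["message"]


class FakeLithium:
    """CONSTRUCTED stand-in for a community; mimics the assumed v1 JSON envelope."""

    def __init__(self) -> None:
        self.accounts = {"api-bot": "correct horse battery staple"}   # made-up non-SSO API account
        self.messages = {101: {"subject": "Public post", "body": "Hello", "public": True},
                         202: {"subject": "Members only", "body": "Secret", "public": False}}
        self.sessions: set = set()
        self._next = 0

    def expire_all(self) -> None:              # simulate server-side session expiry
        self.sessions.clear()

    @staticmethod
    def _ok(payload: dict) -> str:
        return json.dumps({"response": dict(status="success", **payload)})

    @staticmethod
    def _err(code: int, message: str) -> str:
        return json.dumps({"response": {"status": "error", "error": {"code": code, "message": message}}})

    def __call__(self, method: str, url: str, params: Dict[str, str]) -> str:
        path = url.split("/restapi/vc", 1)[1]
        if method == "POST" and path == "/authentication/sessions/login":
            if self.accounts.get(params.get("user.login", "")) != params.get("user.password"):
                return self._err(302, "User authentication failed.")
            self._next += 1
            key = f"sess-{self._next}"
            self.sessions.add(key)
            return self._ok({"value": {"type": "string", "$": key}})
        if method == "GET" and path.startswith("/messages/id/"):
            key = params.get("restapi.session_key")
            if key is not None and key not in self.sessions:
                return self._err(302, "User authentication failed.")
            msg = self.messages.get(int(path.rsplit("/", 1)[1]))
            if msg is None:
                return self._err(404, "Message not found")      # assumed code
            if key is None and not msg["public"]:
                return self._err(403, "Not permitted")          # assumed code
            return self._ok({"message": {"subject": {"$": msg["subject"]}, "body": {"$": msg["body"]}}})
        return self._err(404, "Unknown resource")


if __name__ == "__main__":
    fake = FakeLithium()
    client = LithiumV1Client("https://community.example.com/restapi/vc", fake,
                             "api-bot", "correct horse battery staple")
    print(client.get_message(202)["subject"]["$"])
    fake.expire_all()
    print(client.get_message(202)["subject"]["$"], "after", client.login_count, "logins")
```

The retry is deliberately limited to one re-login: a wrong password or a locked account raises on the second attempt instead of looping. Keep the API account's password in the service's secret store rather than in configuration files, only ever send it over HTTPS, and note that the session key travels as a query parameter, so make sure request URLs are not written to access logs you do not control.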
This is just what I need, however when trying to log in using user.login and user.password, I get a "User authentication failed." response. I suppose this has to do with my account SSO settings, only I don't see any way to change this. How do I "create a non-SSO API account" as you suggest?
Sorry for the late reply on this:
You should contact Lithium Support about having a non-SSO login created for your stage and production sites.