lemonldap-ng/doc/sources/admin/restservices.rst

REST services
=============

LL::NG portal is a REST server that gives access to configuration,
session and also authentication.

Portal REST services
--------------------

Authentication
~~~~~~~~~~~~~~

The authentication service is always available with REST, you just need
to send credentials on portal URL. But by default, the portal is
protected by :ref:`one time tokens to prevent CSRF<security-portal>`.
You must disable them or set a rule (configuration parameter
``requireToken``) so token will not be required for REST requests, for
example:

.. code-block:: perl

   $env->{HTTP_ACCEPT} !~ m:application/json:


Another solution is using the :doc:`REST auth/user/password backend<restauthuserpwdbackend>`.

API
^^^

Request parameters:

-  Endpoint: ``/``
-  Method: ``POST``
-  Request headers:

   -  ``Accept``: ``application/json``

-  POST data:

   -  ``user``: user login
   -  ``password``: user password
   -  xxx: optional parameters, like ``lmAuth`` if your portal uses
      ``Choice`` or ``spoofId`` to impersonate.

The JSON response fields are:

-  ``result``: authentication result, ``0`` if it fails, ``1`` if it
   succeed
-  ``error``: error code, the corresponding error can be found in
   :doc:`Portal error codes<error_codes>`
-  ``id``: if authentication succeed, the session id is returned in this
   field. This id is not returned if you call the REST endpoint with the
   session cookie (which means you are already authenticated).


.. tip::

    You can also get the cookie by reading the response header
    ``Cookie`` returned by the portal.


.. attention::

    Before version 2.0.4, the response to a success
    authentication had no ``id`` field, and ``error`` field was named
    ``code``.

Example
^^^^^^^

-  Request with curl:

::

   curl -H "Accept: application/json" -d user=rtyler -d password=rtyler http://auth.example.com/ | json_pp


.. attention::

    With ``cURL > 7.18.0``, to include special characters
    like @, & or + in the cURL POST data:

    ::

       curl -H "Accept: application/json" -d name=rtyler --data-urlencode passwd=@31&3+*J http://auth.example.com/ | json_pp


-  Response for bad authentication:

.. code-block:: javascript

   {
       "result" : 0,
       "error" : 5
   }

-  Response for good authentication:

.. code-block:: javascript

   {
       "result" : 1,
       "error" : "0",
       "id" : "b048bf87ca401da1d89419813e3acf466d5e4465fe3a1f7adfd8240bd161bde2"
   }

Sessions
~~~~~~~~

REST functions for sessions are protected by Web Server, you can change
this in :ref:`portal configuration<configlocation-portal>`.

See :doc:`REST session backend documentation<restsessionbackend>` for
more.

Configuration
~~~~~~~~~~~~~

REST functions for configuration are protected by Web Server, you can
change this in :ref:`portal configuration<configlocation-portal>`.

See :doc:`REST configuration backend documentation<restconfbackend>` for
more.
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`REST services`
			`=============`

			`LL::NG portal is a REST server that gives access to configuration,`
			`session and also authentication.`

			`Portal REST services`
			`--------------------`

			`Authentication`
			`~~~~~~~~~~~~~~`

			`The authentication service is always available with REST, you just need`
			`to send credentials on portal URL. But by default, the portal is`
doc: fix formatting 2020-05-18 09:56:39 +02:00			protected by :ref:`one time tokens to prevent CSRF<security-portal>`.
			`You must disable them or set a rule (configuration parameter`
			``requireToken``) so token will not be required for REST requests, for
			`example:`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
doc: fix markup 2020-05-21 15:13:24 +02:00			`.. code-block:: perl`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`$env->{HTTP_ACCEPT} !~ m:application/json:`

Documentation for auth/user/password REST services 2022-04-27 12:31:50 +02:00
			Another solution is using the :doc:`REST auth/user/password backend<restauthuserpwdbackend>`.

First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`API`
			`^^^`

			`Request parameters:`

			- Endpoint: ``/``
			- Method: ``POST``
			`- Request headers:`

			- ``Accept``: ``application/json``

			`- POST data:`

			- ``user``: user login
			- ``password``: user password
			- xxx: optional parameters, like ``lmAuth`` if your portal uses
			``Choice`` or ``spoofId`` to impersonate.

			`The JSON response fields are:`

			- ``result``: authentication result, ``0`` if it fails, ``1`` if it
			`succeed`
			- ``error``: error code, the corresponding error can be found in
Append error codes page (#2516) 2022-01-31 15:56:37 +01:00			:doc:`Portal error codes<error_codes>`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			- ``id``: if authentication succeed, the session id is returned in this
Update doc for REST service (#2709) 2022-06-17 17:35:06 +02:00			`field. This id is not returned if you call the REST endpoint with the`
			`session cookie (which means you are already authenticated).`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00

doc: fix formatting 2020-05-18 09:56:39 +02:00			`.. tip::`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`You can also get the cookie by reading the response header`
			``Cookie`` returned by the portal.


doc: fix markup 2020-05-21 15:13:24 +02:00			`.. attention::`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`Before version 2.0.4, the response to a success`
			authentication had no ``id`` field, and ``error`` field was named
Update doc for REST service (#2709) 2022-06-17 17:35:06 +02:00			``code``.
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`Example`
			`^^^^^^^`

			`- Request with curl:`

			`::`

			`curl -H "Accept: application/json" -d user=rtyler -d password=rtyler http://auth.example.com/ \| json_pp`


doc: fix markup 2020-05-21 15:13:24 +02:00			`.. attention::`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			With ``cURL > 7.18.0``, to include special characters
			`like @, & or + in the cURL POST data:`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`::`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`curl -H "Accept: application/json" -d name=rtyler --data-urlencode passwd=@31&3+*J http://auth.example.com/ \| json_pp`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00

			`- Response for bad authentication:`

doc: fix markup 2020-05-21 15:13:24 +02:00			`.. code-block:: javascript`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`{`
			`"result" : 0,`
			`"error" : 5`
			`}`

			`- Response for good authentication:`

doc: fix markup 2020-05-21 15:13:24 +02:00			`.. code-block:: javascript`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`{`
			`"result" : 1,`
			`"error" : "0",`
			`"id" : "b048bf87ca401da1d89419813e3acf466d5e4465fe3a1f7adfd8240bd161bde2"`
			`}`

			`Sessions`
			`~~~~~~~~`

			`REST functions for sessions are protected by Web Server, you can change`
doc: fix formatting 2020-05-18 09:56:39 +02:00			this in :ref:`portal configuration<configlocation-portal>`.
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			See :doc:`REST session backend documentation<restsessionbackend>` for
			`more.`

			`Configuration`
			`~~~~~~~~~~~~~`

			`REST functions for configuration are protected by Web Server, you can`
doc: fix formatting 2020-05-18 09:56:39 +02:00			change this in :ref:`portal configuration<configlocation-portal>`.
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			See :doc:`REST configuration backend documentation<restconfbackend>` for
			`more.`