Forms Authentication REST API & Hybrid Mobile App

It does not sound like REST API is going to authenticate user, but associate some token with current user - I might be wrong here. Have you tried to authenticate in a regular way first (e.g. /cmspages/logon.aspx) and then post this request? Will it return you 403?

@crystal ege What is the request you are making? It seems the REST api returns a 403 when you normally might expect a 404 or 400. If the url has a typo in it you will get a 403, not 404.

Here is what I am doing in the app I created

1. Log into Kentico site using normal forms login
2. Visit page that has my javascript app running in it
3. App makes POST to 'http://your-site-url.com/rest/settoken?username=' + username + '&password=' + password + '&token=' + token;
4. App makes GET to 'http://your-site-url.com/rest/ecommerce.sku?columns=SKUID,SKUName,SKUImagePath,SKUPrice,SKUAvailableItems?format=json' with header key 'Cms-Session-Token' and value token (whatever token I sent to /rest/settoken)

I was originally trying to make GET requests to 'http://your-site-url.com/rest/com.sku' and I was receiving 403 responses, which led me to believe something was wrong with my authentication/user/permissions but it was the request url that was incorrect.

For anyone else trying to figure out how to get this all working - first make sure you consult the documentation for configuring the REST service in Kentico.

https://docs.kentico.com/display/K9/Configuring+the+REST+service

Once you have that done, check out this Gist I created which shows how to use the API with an Angular app. This app uses the Forms Authentication approach for the REST API, not Basic Authentication. This means you will need to log into Kentico first before using this app.

https://gist.github.com/sgwatgit/7639ae56ff1d79e0d100

• Add the template.html to a Template in Kentico or a StaticHTML web part.
• Add the header.html contents to the Header tab of the Template in Kentico.
• Add the dashboard.js file to the Javascript files in the javascript module.
• Change the value of the dashboard.js link in template.html to suit your domain.
• Change the value of yourDomain, yourUsername and yourPassword in dashboard.js to match the domain you are running on and the username/password of the user you are logging into Kentico with.

@Crystal Ege - if you read this documentation you will find that it only supports GET requests and not POST.

Furthermore, you will have to be authenticated(logged in) to be able to send requests and receive response.

Else, you could generate a Hash Authenticated URL for your resource. This works if you have limited URLS otherwise it will be a pain to generate multiple URLS. Dynamic URLS are not supported using this method.

Caution:- If you are deploying your code across different developmet servers(Dev, QA, UAT), you will need to regenerate these URLS on each of these domains.

Best approach will be to write your own webservice.

I hope this helps you.

Thanks, Chetan