REST (dynamic url) Hash parameter authentication

Olivier Cozette asked on January 13, 2016 16:36

Need to authenticate a REST request using the Hash method, but I think this case is a bit more complicated.

Normally, you can authenticate (using the procedure at https://docs.kentico.com/display/K8/Authenticating+REST+requests) a URL like this

http://mywebsite.com/rest/ ... /news?format=json

so, the address becomes something like:

http://mywebsite.com/rest/ ... /news?format=json&hash=527875d49dd120b681cfd58b603f434836c4d93706ad797

BUT, how to get the hash working when the URL is dynamic? (the '%QUERY' is replaced by jQuery, allowing the user to typeahead some string, so REST can answer only with the needed information) like in

http://mywebsite.com/rest/content/currentsite/en-us/all/news?format=json&title=%QUERY

So really, if I'm searching for 'kentico' the url to authenticate becomes:

http://mywebsite.com/rest/content/currentsite/en-us/all/news?format=json&title=k

then http://mywebsite.com/rest/content/currentsite/en-us/all/news?format=json&title=ke

then http://mywebsite.com/rest/content/currentsite/en-us/all/news?format=json&title=ken

then http://mywebsite.com/rest/content/currentsite/en-us/all/news?format=json&title=kent

and so on

Any ideas? (keeping the hash method) Server is answering with a boring 403 error.

Thanks!

Juan

Recent Answers


Sean Wright answered on January 13, 2016 21:02

Juan,

You could probably first send a GET request, from JavaScript, to your server with the URL you want to access. On the server you hash the URL in real time and respond to the GET request with the fully hashed URL and then use this URL to make your REST API request.

Since the hashes are generated using a secure key on the server there is no way to safely or practically get all hashes ahead of time (given your use case) or generate them in javascript.

This use case really fits the other authentication scenarios much better.

0 votes
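The round trip Sean describes, as an added example (not code from the thread or from Kentico): HMAC-SHA256 stands in for Kentico's hash algorithm, and the key, function names and limits are assumptions. The helper signs only the one search endpoint, because an endpoint that hashes whatever URL it is sent would hand out valid hashes for every REST resource.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed values for illustration; a real key lives only in server config.
SECRET_KEY = b"constructed-demo-key"
ALLOWED_PATH = "/rest/content/currentsite/en-us/all/news"
ALLOWED_PARAMS = {"format", "title"}
MAX_TITLE_LEN = 64


def url_hash(path_and_query: str) -> str:
    """Keyed hash over the exact path and query string (HMAC-SHA256 stand-in)."""
    return hmac.new(SECRET_KEY, path_and_query.encode(), hashlib.sha256).hexdigest()


def sign_search_url(requested: str) -> str:
    """Return the requested URL with &hash=... appended, or raise ValueError.

    Only the one read-only search endpoint is signed; anything else is refused
    so the helper cannot be used to obtain hashes for other REST URLs.
    """
    parts = urlsplit(requested)
    if parts.scheme or parts.netloc or parts.path != ALLOWED_PATH:
        raise ValueError("path not eligible for signing")
    params = parse_qsl(parts.query, keep_blank_values=True)
    names = [name for name, _ in params]
    if len(names) != len(set(names)) or not set(names) <= ALLOWED_PARAMS:
        raise ValueError("unexpected or duplicated parameter")
    values = dict(params)
    if values.get("format") != "json" or len(values.get("title", "")) > MAX_TITLE_LEN:
        raise ValueError("parameter value not allowed")
    # Re-encode so the signed string is canonical, not caller-formatted.
    canonical = f"{ALLOWED_PATH}?{urlencode(sorted(values.items()))}"
    return f"{canonical}&hash={url_hash(canonical)}"


def verify(signed: str) -> bool:
    """What the REST side does: recompute over everything before &hash=."""
    base, sep, given = signed.rpartition("&hash=")
    return bool(sep) and hmac.compare_digest(url_hash(base), given)
```

Every keystroke changes the signed string, so each typeahead request needs its own call to the signing helper before the REST call.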

Roman Hutnyk answered on January 13, 2016 23:48 (last edited on January 13, 2016 23:48)

Use basic authentication. You can create a user account, that you'll use with basic authentication, and configure security appropriately for him. Find more details here:

http://bitsorchestra.com/Idea/August-2015/Consume-REST-service-on-the-server

http://bitsorchestra.com/Idea/August-2015/Async-processing-in-Kentico

2 votes

Juan Alchourron answered on January 15, 2016 00:08

Thank you Sean and Roman, your approach is the good one.

0 votes

Chetan Sharma answered on January 17, 2016 15:13

AFAIK, Kentico does not support dynamic URLs with Hash Authentication. You may be able to send core parameterized requests, however not this one.

Thanks, Chetan

0 votes