MultiValue Tools

 View Only

 mvis authorization

John Anderson's profile image
John Anderson posted 03-28-2024 15:38

I see in the MVIS config that you can add some username/passwords to be used to force API calls to supply some authorization, namely the username/password configured in the MVIS console.  Wondering if it's possible to do some kind of authorization using the "native" Universe/PICK logins so that when an API is called and then runs a subroutine, that the subroutine being run would think it's being run in the security context of the user based on the supplied credentials.  Maybe something like Basic authorization with the username/password passed in the Authorization header.  Ideally, some kind of token could be generated and this token passed in as a bearer authorization scenario in the headers.

Mainly wanting to be able to use the same username/password that a user would  use during a normal login outside of MVIS as part of the  API calls. 

Any help/ideas appreciated!

Mark Sapp's profile image


Short simple answer is if you supply credentials (user-ID/password) as part of the REST request that uses a backend BASIC subroutine, then you can do any sort of validation that you want via the backend subroutine.  I'm thinking of a user profile that grants different levels of access, but there's all kinds of possibilities with the code you write.   There is also the REST level security that MVIS provides as well, I'm just addressing application-level authorization.   Regards,