An explanation of the various levels:

  • Anonymous use - the public methods can be invoked without any form of authentication. These methods often use data which is also public on the website. This applies, for example, to requesting available objects.
  • User level - the user must be logged in and working with his/her own data. To log in, use the REST interface, see the user entity. No profiles are required for such users. This is similar to a website which contains a 'personal section', for example one showing the owner's information or a list of bookings made by the user themselves.
  • Administrator level - the user must be logged in and needs to have an authorisation profile. Depending on which rights are available in this profile, the user has the option of requesting and/or editing data. In this way, a complete administrator's application could be constructed.

Methods of authentication

The levels above anonymous use are reached by logging in. This can be done in multiple ways.

  • Logging in via the API
    The API itself can be used to start a session.
    This is done via the API - User.
    Use the method POST user/login. Note the usage of the attribute admin. This has to be set to true for logging in at administrator level.
  • Basic Auth
    A method which is commonly used for REST APIs.
    Click here for generic information: Open API
    Use the same username and password that are used to log in to the backend as administrator.
  • OAuth 2
    Click here for generic information: Open API
    For detailed steps click here.
Functional information: