EcoStruxure IT forum
Schneider Electric support forum about installation and configuration for DCIM including EcoStruxure IT Expert, IT Advisor, Data Center Expert, and NetBotz
Link copied. Please paste this link to share this article on your social media post.
Posted: 2021-09-01 10:07 PM . Last Modified: 2021-09-02 09:58 PM
I'd like to create a frontend that utilizes the REST API of a device we use internally. This device requires authentication by a user, and I'm not really sure how to acquire the credentials from the user (ADS), and possibly store these credentials in a cookie or other location so that the user only needs to login every so often.
I've mostly done frontend work in web development so am a little lost as to what to do. Most searches I've done lead me to methods of setting up my own server for REST API with authentication, which means I probably don't know enough to even phrase the question properly.
Any advice or guides to set this up would be very helpful! The API guides for the device only show examples of Python/Curl which is fairly easy to work out, I'm just not sure how to start implementing this from a web page.
Link copied. Please paste this link to share this article on your social media post.
Link copied. Please paste this link to share this article on your social media post.
Posted: 2021-09-08 09:39 AM
Hello Scot
Sorry its been a while since we have responded.
The REST api's included with DCO and ITA require authentication for use and the user used for authentication defines the limits in regards to access to room data and permissions for the API calls they can execute. We do not use cookies for session management or remembering user credentials as it helps us keep tighter security. We use JWT session tokens to manage active session info (only session info no credentials are stored in the token).
This requirement gives you few options in regards to your question.
* You could ask for credentials when your user uses your web page and then use those credentials for REST api access ... this would limit access to ITA based on the credentials the user enters assuming that user account is not a full admin user.
* You could store credentials using your application. This means all web users are using the same access which may be fine if you're controlling API calls and use (which is probably the case).
Sorry I cannot offer you a better solution
Regards
Greg Sterling
Link copied. Please paste this link to share this article on your social media post.
Create your free account or log in to subscribe to the forum - and gain access to more than 10,000+ support articles along with insights from experts and peers.