Security Setting Example
As default, Endpoint is accessed by Fixed TOKEN.
In the case of Server-Server access to Endpoint, script is saved into Saver. So Fixed TOKEN is not opened to user.
On the other hand, when accessing Endpoint from HTML(jQuery), Fixed Token is visible to user. So page needs to be protected by Password or something.
Even though page is protected by password, fixed TOKEN is relatively low security. So, to increase security, this example shows how to customize security to be accessable by temporary TOKEN from any script such as HTML(jQuery).
The mechanism is to select Security Type for each Endpoint. Select from followings:
- Default: Fixed TOKEN
- Call another function and check if data exists. Security check is OK if data exists. ⇒ This example
- No security ⇒ Anyone can access without security
So, in this example, create table for authentication, then insert data by fixed TOKEN at first, then start accessing by temporary TOKEN later.
In this case, to protect fixed TOKEN from user, insert of data is done on Server Side by such as PHP, then later, access Endpoint by temporary TOKEN from HTML(jQuery).
Steps:
First, define Table on Database. (See Step 2 on Quick Start Guide about how to do it)
Define Table AuthToken like this.
Temporary Token must not be duplicated and data access is done multiple times by this key. So, define Primari Key (Index & Unique) to this key.
Importa Table info. (See Step 3 on Quick Start Guide about how to do it)
Then, define 2 functions.
First is insert function.
Specify insert target.
Next, define function to get data. Authentication is done by this function.
Importance is data existance only. So, any one column is specified.
Define Where condition. Specify TempToken.
Start Build. (See Step 5 on Quick Start Guide about how to do it)
After Build, Endpoint will be created. So, back to function page and click "View Endpoint" link of Insert function.
By using this Endpoint, insert data for authentication.
If authentication is done by HTML's Form, data is sent to server, then server script such as PHP will access to this Endpoint to insert data.
In that case, use template source on the this page as follows.
In this example, just use debug form to insert data for authentication. Temporary TOKEN is created by random string like this: vxcjeopwpjvoojpewrrewpofds
Next, change Proxy Setting to customize security. From Project List Page, click "Proxy Target Setting [Single]" link.
Now, let's use table AssetInfo which is created by example "Manage Item by Barcode". So, click "View" link on AssetInfo row.
Click "Edit" for any function row, on Proxy Setting column.
Select "Get Function" on AUthentication Type, then select GetAuthToken function for Get(single) function.
Start Build. (See Step 5 on Quick Start Guide about how to do it)
After Build, Check Endpoint of the function.
As you can see you can access the Endpoint by using parameter of GetAuthToken function.
Let's try access by using temporary token "vxcjeopwpjvoojpewrrewpofds" which is created in this example.
As you can see, successfully accessed and get data. You can also try another temporary token to check if refuse access.
By using this example as a template, you can customize security such as expire token on specified time period or so.
