cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Visit the PTCooler (the community lounge) to get to know your fellow community members and check out some of Dale's Friday Humor posts! X

looking for a way to authenticate a ThingWorx user through a REST API.

rkandasamy
1-Newbie

looking for a way to authenticate a ThingWorx user through a REST API.

Hi Team,

I want to authenticate a thingworx user by passing the username and password  to an api . Is there any API in thingworx for the same, which results the authentication status?

Edited: Also is it possible to retrieve the password for any given user in thingworx?

7 REPLIES 7
posipova
20-Turquoise
(To:rkandasamy)

Wouldn't be possible OOTB, you may look into custom authenticators.

Refer to this chapter for the information on authenticator sample extension configuration:

Digital Media Publisher

Yeah, a custom authenticator would do it. Here is a KCS Article on the subject. The authenticate method would not need to be complicated, just something like:

  String username = httpRequest.getHeader("Username");

  String password =  httpRequest.getHeader("Password");

 

  if(username.isEmpty() || password.isEmpty())

     throw new AuthenticatorException("User login info is empty in CustomAuth");

  try {

       // Checks that user exists and is enabled; throws exception if can't validate

       AuthenticationUtilities.validateEnabledThingworxUser(username);

       // Tells rest of ThingWorx which user is logged in for purposes of permissions, etc.

      this.setCredentials(username);

  } catch(Exception e) {

        //TODO implement logging

  }

So if you sent a request with a header that contained Username and Password, just like how you include content-type, etc., then, this would log that user in if it could.

jkaczynski
4-Participant
(To:rkandasamy)

Hello,

If you're using a REST API there is OOTB possibility to authenticate request with the Header, no need in preparing own, custom Authenticator.

You just need to pass a Header: Userid and Password.

Regards,

Jakub.

Rdhakrishnan, if you want to pass in your username and password, you can use something like this (with x-session for the session to persist)-

localhost/Thingworx/Things?userid=Administrator&password=admin&x-thingworx-session=true

With that being said, is there a specific reason why you would want to send your username/ password instead of using the appKey to authenticate?

As per our use case, we share thingworx userid and password in an api. So this could be a verification call from their side to check if the received user id and password works or not. They need an api which will receive userid and password and return their authenticated status in Boolean value.

I hope above url will result in html page. Is there any api which would return the validation status in Boolean value?

jkaczynski
4-Participant
(To:rkandasamy)

Hello Rdhakrishnan Kandasamy​,

Any REST call that goes to Thingworx will return the HTTP Status. If you succeed with authentication - 200. If not, 401 - Unauthorized. Then you need only to check the HTTP status.

The response format depends on the Accept header. You can use text/html to get the html page with additional information. Possible are also text/xml or application/json.

But please notice, that sending user credentials over HTTP(s) is not a best practice from the security point of view.

Regards,

J.

If Aanjan's comment helped you,  you may want to consider marking it as correct to help other customers with their similar problems.

Top Tags