AuthSettings.config
- 1 minute to read
Customer's Canvas allows you to define security policy for using the Web API in the ~\Configuration\AuthSettings.config file. This topic describes how you can configure authentication settings for both single requests and request groups.
For example, you can configure the GET and POST requests so that they do not require authentication and allow the HTTP protocol as follows:
<AuthSettings>
<route
name="Rendering API"
path="api/rendering/{*}"
methods="GET, POST"
authRequired="false"
unsafeHttpMode="enabled"
/>
<route
name="Barcode API"
path="api/barcode/{action}/{*}"
methods="POST"
authRequired="false"
unsafeHttpMode="enabled"
/>
</AuthSettings>
A route element defines request authentication settings. Now, let us describe the attributes of this element.
| Attribute | Description | Possible values |
|---|---|---|
| name | The unique route name. | string |
| path | The request endpoint. This attribute may represent a template when it contains variables {variableName} or symbols {*}. |
string |
| methods | The request methods. By default, all applicable methods are involved. | string |
| authRequired | Enables authentication through X-CustomersCanvasAPIKey. The default value is true. |
true, false
|
| unsafeHttpMode | Allows access through HTTP. If default, then the UnsafeHttpWebApiEnabled parameter defines the protocol type. If enabled, you can call the corresponding request through an unsecure HTTP protocol despite the value of UnsafeHttpWebApiEnabled. |
default, enabled, disabled
|
The name and path attributes are mandatory. In the path, you can use the following template symbols:
{variableName}to replace with action names. For example,"api/barcode/{variableName}"corresponds to:- api/barcode/createForUrl
- api/barcode/createForNumber
{*}to replace with any sequence of characters. For example,"api/barcode/createForUrl/{*}"corresponds to:- api/barcode/createForUrl/dip
- api/barcode/createForUrl/dip/size
Important
The path attribute cannot start with the {action} or {*} symbols.