Customer's Canvas allows you to define security policy for using the Web API in the ~\Configuration\AuthSettings.config file. This topic describes how you can configure authentication settings for both single requests and request groups.

For example, you can configure the GET and POST requests so that they do not require authentication and allow the HTTP protocol as follows:

        name="Rendering API"
        methods="GET, POST"
        name="Barcode API"

A route element defines request authentication settings. Now, let us describe the attributes of this element.

Attribute Description Possible values
name The unique route name. string
path The request URL. This attribute may represent a request template when contains variables {variableName} or symbols {*}. string
methods The request methods. By default, all applicable methods are involved. string
authRequired Enables authentication. The default value is true. true, false
unsafeHttpMode Allows access through HTTP. If default, then the UnsafeHttpWebApiEnabled parameter defines the protocol type. If enabled, you can call the corresponding request through unsecure HTTP protocol despite the value of UnsafeHttpWebApiEnabled. default, enabled, disabled

The name and path attributes are mandatory. In the path, you can use the following template symbols:

  • {variableName} to replace with action names. For example, "api/barcode/{variableName}" corresponds to:
    • api/barcode/createForUrl
    • api/barcode/createForNumber
  • {*} to replace with any sequence of characters. For example, "api/barcode/createForUrl/{*}" corresponds to:
    • api/barcode/createForUrl/dip
    • api/barcode/createForUrl/dip/size

The path attribute cannot start with the {action} or {*} symbols.

See Also