CAMUNDA API REST Authentication

4
votes

I am trying to connect from my javascript front to the REST API of my camunda orchestration which is deployed as part of a spring boot application.

the called url is :

GET http://localhost:8081/oms-orchestrator-ms/api/engine/engine/default/history/process-instance

i get an 401 error for non authenticated queries which is normal

First question : is it the right way to query the Engine Rest API for process definition/ instances and history?

In order to make it work , i add the JSESSIONID cookie as header to my requests, how can i use the basic auth to query the orchestrator api instead of using the cookie?

Thanks for your Help

1
spring-bootcamunda
docs.camunda.org/manual/7.8/reference/rest/overview/…Serg Vasylchak
it adds another layer of authentification, basic AuthLho Ben

1 Answers

7
votes

the /api path is part of the cockpits REST backend which is secured by the same rules as the cockpit webapp. You can additionally deploy the rest api (camunda-bpm-spring-boot-starter-rest if you are using spring boot). This will add an almost identical REST api for the engine under the path /rest. This one is open by default and can be secured manually if required (and advised for prod environments).