Adding authentication for REST API


I am trying to set up REST api in my node red. I want to set authentication but Im not sure how to do this. In the 'http request' node, Im able to put in authentication to GET/POST from external server.

However, if a client wants to access my API(http in node), there is no provision to set basic authentication. I'm sure there has to be a way to restrict access to my API. How can I set the username and password.?

Currently, my node red is installed in linux debian based IOT device. Do I need to edit any configuration files in NODE RED?

thank you

You can capture the incoming headers in the http-in node (msg.req.headers.authorization) and handle the authentication yourself from there.

This is a good idea also. I'm able to catch the authentication.Thanks.

But I'm actually not that familiar with REST API. I know that if incorrect username/password it has to give something like "401-Unauthorized". I could return this message in the payload but I'm not that sure what is the full format for such response. But I can work with this.

However, is there other ways where this can all be automatically taken care off?

Thank you

The http-response node supports msg.statusCode, so you would return a 401. (and you can route that to a custom html response as well).

Yes, by far the easiest approach is to use an external reverse proxy such as NGINX or Caddy and do the authentication there.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.