I am trying to set up REST api in my node red. I want to set authentication but Im not sure how to do this. In the 'http request' node, Im able to put in authentication to GET/POST from external server.
However, if a client wants to access my API(http in node), there is no provision to set basic authentication. I'm sure there has to be a way to restrict access to my API. How can I set the username and password.?
Currently, my node red is installed in linux debian based IOT device. Do I need to edit any configuration files in NODE RED?
You can capture the incoming headers in the http-in node (
msg.req.headers.authorization) and handle the authentication yourself from there.
This is a good idea also. I'm able to catch the authentication.Thanks.
But I'm actually not that familiar with REST API. I know that if incorrect username/password it has to give something like "401-Unauthorized". I could return this message in the payload but I'm not that sure what is the full format for such response. But I can work with this.
However, is there other ways where this can all be automatically taken care off?
The http-response node supports
msg.statusCode, so you would return a 401. (and you can route that to a custom html response as well).
Yes, by far the easiest approach is to use an external reverse proxy such as NGINX or Caddy and do the authentication there.