Adding authentication for REST API


I am trying to set up REST api in my node red. I want to set authentication but Im not sure how to do this. In the 'http request' node, Im able to put in authentication to GET/POST from external server.

However, if a client wants to access my API(http in node), there is no provision to set basic authentication. I'm sure there has to be a way to restrict access to my API. How can I set the username and password.?

Currently, my node red is installed in linux debian based IOT device. Do I need to edit any configuration files in NODE RED?

thank you

You can capture the incoming headers in the http-in node (msg.req.headers.authorization) and handle the authentication yourself from there.

This is a good idea also. I'm able to catch the authentication.Thanks.

But I'm actually not that familiar with REST API. I know that if incorrect username/password it has to give something like "401-Unauthorized". I could return this message in the payload but I'm not that sure what is the full format for such response. But I can work with this.

However, is there other ways where this can all be automatically taken care off?

Thank you

The http-response node supports msg.statusCode, so you would return a 401. (and you can route that to a custom html response as well).

Yes, by far the easiest approach is to use an external reverse proxy such as NGINX or Caddy and do the authentication there.