QNE API ACCESS CONTROL

Created by Cheng Kah Poh, Modified on Thu, 25 May, 2023 at 3:50 PM by Cheng Kah Poh

** Improved security measure to avoid data being accessed by unwanted people

 

Problem: Anyone with a valid DbCode can access to the data stored in the database

Solution: To have an option to force people to use login credential to gain access (token)

 

  1. Pull out the field named “API DbCode Access”

Figure 1: API DbCode Access field in System Options

 

  1. Turn ON to allow people to gain access using only the DbCode
  2. Turn OFF to force people to gain access using login credential

Figure 2: Access denied when retrieving data using DbCode only

 

 

  1. People can only gain access via token, which is generated with the correct login credential (route: /api/Users/Login)

Figure 3: Able to retrieve data from the database using token


** Learn more about Azure Cloud

** Learn more about QNE Hybrid Cloud Software

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article