This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

oAuth disable in smartdocs?

Posted on 05-26-2015 10:26 PM
sidd-harth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi guys, I have a proxy with oAuth v.2.0 policy and in smart docs I created an model w.r.t to this proxy.

So if a user uses my smartdocs s/he needs the access token to use my models.

Now is there a way to disable oAuth authentication in smartdocs? Because providing access token to the user is not a solution.

Is there any other way to implement this?

or

Can I use the Authentication Settings for API Revision in smartdocs where I can specify the Custom Token tag and fill the details?

0 1 176
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi @Barahalikar Siddharth

When your API Proxy gets the request, there is no way for it, without interpreting the Auth headers, to know whether the request is coming from smartdocs or from a different client/app.

You can set certain headers (or other paramaters) in your smartdocs, to let your API Proxy know, but that is not a good thing for two reasons:

  1. You(r smartdocs) are not teaching your developers properly/accurately, on how to use the API
  2. Whatever you do to bypass the security from smartdocs can be used by other clients, becomes a security loophole

Given this, the best thing to do to is:

Create a Sandbox API that will work with a dummy access token, or create an access token for this Sandbox API that has a long life.

Given an option to hit the sandbox API (or make it default), with this access token embedded into smartdocs.

0 Likes