18.1. Adminapp REST API

Access Control

The Adminapp REST API is accessible only to authenticated admin users with the appropriate rights.

The configuration separates authentication of the REST client from functional authorization:

  • Authentication: see Adminapp >> REST API Configuration >> config group API Access Control
  • Functional authorization: see Adminapp >> Access Control

Authentication

Authentication of the REST client requires two plugins:

  • Request Credential Policy: Determines how to extract credentials (e.g. username and password or a ticket) from the REST request. Examples are:

    • HTTP Basic Auth header
    • Cookie with a JWT ticket
    • OAuth2 Bearer Token
    • Client certificate
  • Authenticator: Defines how the credentials are verified (e.g. password check, certificate validation, or JWT verification).

Functional Access Control

The property "Access Control" (a top-level property in the "Adminapp") defines the authorization of an authenticated REST client in the Adminapp REST API.

The default access control plugin "Role-based Access Control" controls access to a large set of actions. Refer to the plugin documentation in the Config Editor for further details.
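The following added example (illustrative Python, not the product's own code) shows the separation described in the two sections above: a credential policy that only extracts credentials from the request, an authenticator that only verifies them, and a role-based check that only decides whether the authenticated principal may perform an action. The password store, roles and action names are constructed for the example.

```python
import base64
import hmac
from dataclasses import dataclass
from typing import Optional
# Constructed sample stores (hypothetical; not the product's configuration).
PASSWORDS = {"alice": "s3cret", "bob": "hunter2"}
ROLES = {"alice": {"user-admin"}, "bob": {"helpdesk"}}
ALLOWED_ROLES = {"user:list": {"user-admin", "helpdesk"}, "user:delete": {"user-admin"}}  # action -> roles

@dataclass
class Credential:
    kind: str        # "basic" or "bearer"
    value: object    # (user, password) tuple or raw token string

def basic_header(user: str, password: str) -> str:
    """Build an HTTP Basic Authorization header value (for the sample requests)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Request Credential Policy: only extracts credentials, never verifies them.
def extract_credential(headers: dict) -> Optional[Credential]:
    scheme, _, param = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            user, _, pw = base64.b64decode(param, validate=True).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            return None      # malformed header: treated as "no credential"
        return Credential("basic", (user, pw))
    if scheme.lower() == "bearer" and param:
        return Credential("bearer", param)
    return None

# Authenticator: verifies the credential and yields the principal (or None).
def authenticate(cred: Optional[Credential]) -> Optional[str]:
    if cred is None or cred.kind != "basic":
        return None      # no verifier for bearer tokens is configured in this example
    user, pw = cred.value
    expected = PASSWORDS.get(user, "")
    return user if expected and hmac.compare_digest(expected, pw) else None

# Functional access control: authorizes an action for an authenticated principal.
def authorize(principal: str, action: str) -> bool:
    return bool(ROLES.get(principal, set()) & ALLOWED_ROLES.get(action, set()))

def handle(headers: dict, action: str) -> int:
    """Status code: 401 = not authenticated, 403 = not authorized, 200 = allowed."""
    principal = authenticate(extract_credential(headers))
    if principal is None:
        return 401
    return 200 if authorize(principal, action) else 403
```

Note that a failed password check and a missing header both yield 401 before any role lookup happens, while a known user lacking the role gets 403 only after authentication succeeded.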

Service list

Supported services (see ADMIN-REST-API-REFERENCE for technical details) are:

| Service | Description | Configuration Path in Config Editor |
|---|---|---|
| User Management | Comprehensive user management services (add, delete, modify, list, search, etc.). Get login statistics, lock/unlock user accounts, set validity range, etc. | Adminapp >> Users |
| Password and Authentication Token Management | Management of users' authentication tokens: assign tokens to user, order new tokens, see token details, edit token details, order letters, etc. Define active authentication token for user, edit token migration details, etc. | Mainly in Adminapp >> Users >> Authentication Tokens (Credentials); also various properties in Adminapp >> Users |
| Generic Token API | Custom REST services for custom authentication tokens or other user-related custom information can be added by configuring a "Generic Token Controller" plugin. | Adminapp >> Users >> Authentication Tokens (Credentials): add a Generic Token Controller |
| Token Management | Management of tokens independently of users (e.g. manage hardware OTP tokens, view Cronto token licenses). | Adminapp >> Tokens |
| Technical Client Management | Manage technical clients (API clients). | Adminapp >> Technical Clients |
| Maintenance Messages | Manage maintenance messages (list, add, delete, modify). | Adminapp >> Maintenance Messages |
| SMS Service | Send an SMS message and get the delivery status. | Adminapp >> REST API Configuration >> SMS Service Settings |
| Tech Client Management | List, lock/unlock, delete technical clients (API clients). | Adminapp >> Technical Clients |

Attribute-level Access Control (input validation)

To access user attributes through the Adminapp REST API, every attribute must be configured as a "User Profile Item". This ensures that the GUI and the REST API enforce the same access restrictions. To configure "User Profile Items", see 18.13. Admin roles and user groups in Adminapp.