General

  eZ Systems Website
  Technical documentation
  Editor documentation

This Documentation contains:
 
Technical documentation:



⚠ WARNING ! This documentation is deprecated !

Please go to the current Technical Documentation

Skip to end of metadata
Go to start of metadata

Since the introduction of REST API v2 with eZ Publish 5.0, two authentication methods are supported: session, and basic.

  • Session-based authentication is meant to be used for AJAX operations. It will let you re-use the visitor's session to execute operations with their permissions.
  • Basic authentication is often used when writing cross-server procedures, when one remote application executes operations on one/several eZ Platform instances (remote publishing, maintenance, etc).

As of eZ Platform the default authentication method is Session-based as this is needed for UI.

Session based authentication

This authentication method requires a Session cookie to be sent with each request.

If this authentication method is used with a web browser, this session cookie is automatically available as soon as your visitor logs in. Add it as a cookie to your REST requests, and the user will be authenticated.

Logging in

It is also possible to create a session for the visitor if they aren't logged in yet. This is done by sending a POST request to /user/sessions. Logging out is done using a DELETE request on the same resource.

HTTP Basic authentication

To enable HTTP Basic authentication, you need to edit app/config/security.yml, and add/uncomment the following block. Note that this is enabled by default.

ezplatform.yml

Basic authentication requires the username and password to be sent (username:password), based 64 encoded, with each request, as explained in RFC 2617.

Most HTTP client libraries as well as REST libraries do support this method one way or another.

Raw HTTP request with basic authentication

1 Comment

  1. A note for people playing around with using the Symfony firewall(s) with different access rules for different pats of APIs: if you use "ezpublish" as autehnticator for a new firewall you define for a part of the site, you will get symfony exceptions unless you reste the check_path and login_path variables, eg:

            xxx_rest_withsession:
                pattern: ^/api/xxx_rest_session/v1
                ezpublish:
                    check_path:
                    login_path: