Navigation
eZ Documentation Center
 

This is outdated documentation made for eZ Publish Platform 5.1. It is being moved into the eZ Publish 5.x documentation, so please go there for most up-to-date documentation.

Versions Compared

Old Version 13

changes.mady.by.user Sarah Haïm-Lubczanski

Saved on

compared with

New Version Current

changes.mady.by.user Sarah Haïm-Lubczanski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

At the time of the 5.0 release, two authentication methods were supported: session, and basic. Session based authentication is meant to be used for AJAX operations. It will let you re-use the visitor's session to execute operations with their permissions. Basic authentication will be useful when writing cross-server procedures, when one server executes operations on one/several eZ Publish instances (remote publishing, maintenance, etc).

Changelog

Version 
5.0Session and Basic support

 

Session based

This authentication method requires a Session cookie to be sent with the request. If this authentication method is used through a web browser, this session cookie is available as soon as your visitor logs in. Add it as a request cookie to your REST requests, and the user will be authenticated.

Setting it up

To enable session based authentication, you need to edit ezpublish/config/security.yml, and comment / remove the configuration block about REST

Code Block
languagenone
titleezpublish.yml
        ezpublish_rest:
            pattern: ^/api/ezp/v2
            stateless: true
            ezpublish_http_basic:
                realm: eZ Publish REST API

Logging in

It is also possible to create a session for the visitor if he isn't logged in yet. This is done by sending a POST request to /user/sessions. Logging out is done using a DELETE request on the same resource.

More details about this can be found in the reference documentation.

Example

Code Block
titleSession authentication with siteaccess header
GET /api/ezp/v2/user/roles HTTP/1.1
Host: api.example.com
Accept: application/vnd.ez.api.RoleList+json
Cookie: eZSESSID22af645d1859cb5ca6da0c484f1f37ea=ca8123ccb543834fecd48f282a40156e
Info
titleis_logged_in cookie

Session auth currently requires the is_logged_in cookie to be provided with every authenticated request. This cookie will be sent in reply to a successful session authentication.

Code Block
titleSession authentication with siteaccess header
GET /api/ezp/v2/user/roles HTTP/1.1
Host: api.example.com
Accept: application/vnd.ez.api.RoleList+json
Cookie: eZSESSID22af645d1859cb5ca6da0c484f1f37ea=ca8123ccb543834fecd48f282a40156e; is_logged_in=true
Info
titleMore information

Session based authentication chapter of the REST specifications

Basic HTTP authentication

Basic authentication requires the password to be sent, based 64 encoded, with the request, as explained in RFC 2617.

Most HTTP client libraries as well as REST libraries, should support this method one way or another.

Code Block
languagenone
titleRaw HTTP request with basic authentication
GET / HTTP/1.1
Host: api.example.com
Accept: application/vnd.ez.api.Root+json
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==