BAW REST APIs described at (1)
Swagger - <BAWSERVER>/bpm/explorer/ and (2) REST API Tester - <BAWSERVER>/bpmrest-ui/BPMRestAPITester/index.jsp can only be invoked by authenticated users.
Both support
- basic authentication (HTTP header "Authorization: Basic .....")
- authentication cookie (LtpaToken2 by default)
(1)
additionally requires the client to invoke a system/login API to obtain a CSRF token. This token is unrelated to authentication, but protects against Cross Site Request Forgery as it cannot be obtained cross origin. When the /system/login API is invoked, it will return a token for the currently authenticated user.
When you build a custom UI that causes the browser to send REST requests to these APIs, you need to ensure that the user is already authenticated with BAW (has a valid authentication cookie) AND in cases CSRF protection using REFERER and Origin headers is configured in
https://www.ibm.com/support/knowledgecenter/en/SS8JB4_20.x/com.ibm.wbpm.imuc.doc/topics/rsec_harden_properties.html your origin must be whitelisted.
When BAW is integrated with User Management Service or any other OpenID Connect provider, you can also obtain tokens from that IdP and send them as Bearer tokens.
------------------------------
Jens Engelke
------------------------------
Original Message:
Sent: Sun August 02, 2020 12:14 PM
From: Ngan Nguyen
Subject: REST API Access to BAW
Please refer to this article : https://www.ibm.com/support/knowledgecenter/en/SS8JB4/com.ibm.wbpm.main.doc/topics/rrestapi_authcontrol_ovw.html
------------------------------
Ngan Nguyen
Original Message:
Sent: Fri July 31, 2020 05:55 AM
From: Ivan Rendulic
Subject: REST API Access to BAW
Hi there,
I am new to BAW and comming from CSD.
Is there an REST API that I can develop solution similar to Navigator?
For example: is thera a login endpoint where I can authorize the users and get the token for further calls?
Thx in advance,
Ivan
------------------------------
Ivan Rendulic
------------------------------