ServiceManager API Protection Follow
ServiceManager has 2 security layers - on the user interface level, and optionally on the API level.
The client side is password protected by the login screen, which secures the client side of the ServiceManager.
Every client side operation triggers a server side functionality via an API call.
Performing API calls requires knowledge of request structure and values for the specific operation, and these APIs do not require authentication by default.
Open APIs allows easier access to the Service Manager functionality from external tools you may use.
However, such access is not always be necessary and you should consider adding extra security by preventing unauthorized access to the server
Turning on API protection
On your ServiceManager:
- Open the “Admin” tab.
- Click on the “System Properties” button.
- Scroll down and look for the “SERVICEMANAGER_API_PROTECTED” setting.
- Change the value from “false” to “true”.
Accessing protected API
With API protection turned on, you'll be requested to provide your ServiceManager credentials on each direct call to the API.
A browser will display a window similar to the following, while other tools will display appropriate error.
You'll need to provide your credentials in that window or pass appropriate header according to Basic Authentication protocol.
NOTICE: Your web services won’t be affected by this setting.
Web services inherit the security of the Form: as long as your business process in the form requires authentication, so does your web service.