cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

looking for a way to authenticate a ThingWorx user through a REST API.

Newbie

looking for a way to authenticate a ThingWorx user through a REST API.

Hi Team,

I want to authenticate a thingworx user by passing the username and password  to an api . Is there any API in thingworx for the same, which results the authentication status?

Edited: Also is it possible to retrieve the password for any given user in thingworx?

7 REPLIES 7

Re: looking for a way to authenticate a ThingWorx user through a REST API.

Wouldn't be possible OOTB, you may look into custom authenticators.

Refer to this chapter for the information on authenticator sample extension configuration:

Digital Media Publisher

Re: looking for a way to authenticate a ThingWorx user through a REST API.

Yeah, a custom authenticator would do it. Here is a KCS Article on the subject. The authenticate method would not need to be complicated, just something like:

  String username = httpRequest.getHeader("Username");

  String password =  httpRequest.getHeader("Password");

 

  if(username.isEmpty() || password.isEmpty())

     throw new AuthenticatorException("User login info is empty in CustomAuth");

  try {

       // Checks that user exists and is enabled; throws exception if can't validate

       AuthenticationUtilities.validateEnabledThingworxUser(username);

       // Tells rest of ThingWorx which user is logged in for purposes of permissions, etc.

      this.setCredentials(username);

  } catch(Exception e) {

        //TODO implement logging

  }

So if you sent a request with a header that contained Username and Password, just like how you include content-type, etc., then, this would log that user in if it could.

Re: looking for a way to authenticate a ThingWorx user through a REST API.

Hello,

If you're using a REST API there is OOTB possibility to authenticate request with the Header, no need in preparing own, custom Authenticator.

You just need to pass a Header: Userid and Password.

Regards,

Jakub.

Re: looking for a way to authenticate a ThingWorx user through a REST API.

Rdhakrishnan, if you want to pass in your username and password, you can use something like this (with x-session for the session to persist)-

localhost/Thingworx/Things?userid=Administrator&password=admin&x-thingworx-session=true

With that being said, is there a specific reason why you would want to send your username/ password instead of using the appKey to authenticate?

Re: looking for a way to authenticate a ThingWorx user through a REST API.

As per our use case, we share thingworx userid and password in an api. So this could be a verification call from their side to check if the received user id and password works or not. They need an api which will receive userid and password and return their authenticated status in Boolean value.

I hope above url will result in html page. Is there any api which would return the validation status in Boolean value?

Re: looking for a way to authenticate a ThingWorx user through a REST API.

Hello Rdhakrishnan Kandasamy​,

Any REST call that goes to Thingworx will return the HTTP Status. If you succeed with authentication - 200. If not, 401 - Unauthorized. Then you need only to check the HTTP status.

The response format depends on the Accept header. You can use text/html to get the html page with additional information. Possible are also text/xml or application/json.

But please notice, that sending user credentials over HTTP(s) is not a best practice from the security point of view.

Regards,

J.

Re: looking for a way to authenticate a ThingWorx user through a REST API.

If Aanjan's comment helped you,  you may want to consider marking it as correct to help other customers with their similar problems.