Skip to main content
D
drieder1-Visitor
1-Visitor
December 19, 2018
Question

Authentication with User Credentials via Rest Api

  • December 19, 2018
  • 1 reply
  • 43051 views

Hello Everyone,

 

I am developing an App with Ionic 3 and I would like to create a login Page in my App. The Login Page should take Username and Password and check whether these are valid credentials for a Thingworx User.

 

What would be the easiest way to achieve this via a rest call?

 

When you open the composer, a login prompt appears. It would be nice to simply use the service behind this login prompt (which also just takes username and password) in order to verify the user.

 

Any help is appreciated very much.

 

Best Regards,

Dominik

1 reply

P
posipova20-Turquoise
20-Turquoise
December 19, 2018

Would Form Login be something to satisfy your requirements?

http://support.ptc.com/help/thingworx_hc/thingworx_8_hc/en/#page/ThingWorx%2FHelp%2FSecurity%2FOrganizations%2FFormLoginPagesforOrganizations.html

 

D
drieder1-VisitorAuthor
1-Visitor
December 20, 2018

Hello @posipova,

 

thank you for your reply. Unfortunately this is not exactly what I was looking for.

 

I want the user to login into my app which has its own login "page". In this app I will make Rest Calls in order to retrieve Property Values of Things and in order to execute services. For these Rest Calls I want to use the User Credentials for Authentication (not the application Key as usual)

 

Because of that I simply want to check whether the given user with the given password is a legit Thingworx user.

C
CarlesColl1-Visitor
1-Visitor
December 20, 2018

On our Ionic Apps:

  • We use the Login/Password to get an appKey (automatically created upon request) and never store the Login/Password credentials on the device, just the temporal appKey "token"
  • After that we do the Rest API calls with the previous token/appKey

We have an old one done with Ionic 1 and the new one that we are developing with Ionic 4, here it's a sample of the API call in order to get the appKey:

 

 

login(username: string,password: string) {
	var apiURL:string = "/Thingworx/Things/wupAppAuthenticatorHelpers/Services/GetAppKey_wupAppAuthenticatorTS";
	var encodedData = window.btoa(username + ":" + password);	
	let headers = new HttpHeaders({
			 'Content-Type': 'application/json',
			 'Accept': 'application/json',
			 'Authorization': 'Basic '+encodedData,
			 	'Cache-Control': 'no-cache'
			 });

	let httpOptions = { headers: headers /*, withCredentials: true */ };

	var content = JSON.stringify({ "context": this.conf.getAppContext() });

	this.http.post<any>(apiURL, content,httpOptions)
		 .subscribe(
		 	res => {
			 this.handleLoginResult(res);
				 },
				err => {
					this.handleLoginError(err);
				}
		 );

 }

Where "wupAppAuthenticatorHelpers/Services/GetAppKey_wupAppAuthenticatorTS" it's a helper thing/service that generates the appKey.

 

Then the rest of calls should be something like:

let apiURL = "DesiredTWAPIEndPoint";
let headers = new HttpHeaders({
 'Content-Type': 'application/json', 
 'Accept': 'application/json',
 'x-thingworx-session': 'true', 
 'appKey': previouslyAppKeyReceived 
 });
let httpOptions = { headers: headers }; 
var content = JSON.stringify({ yourJsonContent }); 
this.http.post<any>(apiURL, content,httpOptions) .subscribe( 
 res => { this.handleResult(res); }, 
 err => { this.handleError(err); }
 );

 

 

 

Terms & ConditionsAccessibility statement