Authorization for SaaS
-
How does the authorizion work for SaaS. It seams to work without the Autherization header and only a session cookie is needed?
-
jsreportonline currently supports only basic header-based authorization for API requests.
The studio browser authentication is processed through a session cookie.
-
So there is no password or secret required to call the api?
-
You need to send the password in the authorization header of course. This standard is called "Basic access authentication".
You need to add a HTTP header to every request looking like this
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==Where the hash is based on username and password: base64(username:password)
https://en.wikipedia.org/wiki/Basic_access_authentication
https://jsreport.net/learn/authentication
-
Thats where I am confused it works for me without Authorization header in Postman and I don't know why
-
Such tools like postman often share the cookies with your browser. So that is why.
You may try with your real client.