REST API Invocation without login or with special login

[sperok]

It would be really helpful if certain REST functions could be authorized for access either without login or with non-admin credentials. For example.

 

- default is to disallow all REST API calls to non-admin authenticated users

- users could be granted access with a directive such as: allow

 

Examples:

 

allow * http://myisy.xx.yy/REST/programs/0034 * Allows anyone to run program ID 34 using any command

allow * http://myisy.xx.yy/REST/programs/0034 runIf Allows anyone to run program ID 34 using the runIf command

allow fred http://myisy.xx.yy/REST/programs/fred/* * Allows user fred to run all programs in the "fred" sub-directory with any command

 

My particular use case is to provide very streamlined access for users of a rental property. I'd like to embed a few links in an e-mail that they could invoke from their phone or wherever they are. That way they can "poke" the house when they are on the way up and the hot tub will be ready when they arrive, the gate will be open and the lights will come on. All without building a web site ...

[Michel Kohanim]

Hello sperok,

 

We do have a requirement to allow for guest users. Unfortunately, currently it has a low priority mostly because our focus is 100% on ELK.

 

With kind regards,

Michel

[sperok]

Michel,

 

I understand the priorities. I just wanted to make sure an explicit request for access by the REST API's made it on the books.

 

Thanks,

 

Spero

[Michel Kohanim]

Hello Spero,

 

Yes, it has!

 

With kind regards,

Michel

[Kev1000000]

Not sure if you're aware, but most browsers (even mobile ones) will do simple HTTP Auth if you use this syntax for the url.

 

http://user:pass@yourisyip/rest

 

Makes development 1000x easier

 

 

EDIT: Nevermind, just re-read your requirements. Yeah, guess that wouldn't work for you.

[sperok]

yup - that's what I do now. the nasty side effect is that anyone I send the link to now has full admin access to my ISY ...