By default, the CData API Server uses authtoken-based authentication to control per-user access to the API. You can alternatively provide Windows user credentials to authenticate to the APIs.

Adding Users

Follow the steps below to add API Server users or Windows users. To add a user, click Settings -> Users -> Add. In the resulting dialog, enter the following information:

• Name: Enter a username to be used in HTTP authentication. Or, if you have enabled Windows authentication, specify a Windows/LDAP username or group. See User Management to enable Windows authentication.
• Group: Enable this option to specify a Windows/LDAP group in the Name box. (See the Windows authentication section below for more on authentication with domain groups and roles.)
• Privileges: Select the HTTP methods the user is allowed to access, GET, POST, PUT/PATCH/MERGE, or DELETE. These correspond to SELECT, INSERT, UPDATE, and DELETE statements, respectively.
• Max. Requests: Enter the maximum requests per hour for this user. A value of 0 allows the user unlimited access per hour.
• Max. Concurrent Requests: Enter the maximum number of requests that can be sent simultaneously. A value of 0 allows the user unlimited simultaneous requests.
• Active: Disable this option to disable access to the APIs for this API user. Note that user-specific settings override server-wide Rate Limiting settings. An empty value for one of the user settings will use the server default.

Configuring the User Database

The CData API Server stores user information in an SQLite (Windows/.NET) or Derby (Java) database by default. You can also save user information to the database of your choice. If you are using the .NET edition, specify the connection string to the caching database in the connectionStrings element of the Web.config. Otherwise, refer to the documentation for the server you are hosting the API Server on.

Authenticating with an Authtoken

You can provide an authtoken to connect with HTTP Authentication. For example, to use HTTP Basic authentication, set the username in the User header and the user’s corresponding authtoken in the Password header.

Authenticating with Windows Credentials

If Windows authentication is enabled for the API Server (see User Management), API users can authenticate and access resources using NTLM authentication rather than their authtokens.

Domain Groups and Roles

When adding a Windows user to the API Server, you can specify a name referring to a Windows/LDAP group instead of a single user by checking the box Group. If such a group is specified, a Windows user need only be part of the Windows group to access a resource.