Version 23.0.9145

• Adding Users
• Configuring the User Database
• Authenticating with an Authtoken
• Authenticating with Windows Credentials
  • Domain Groups and Roles

By default, CData API Server uses authtoken-based authentication to control per-user access to the API. Alternatively, you can provide Windows user credentials to authenticate to the APIs.

Adding Users

Follow these steps to add API Server users or Windows users. To add a user, click Settings > Users > Add. Enter the following information:

• User or Group: Enter a username to be used in HTTP authentication. If you have enabled Windows authentication, specify a Windows/LDAP username or group. See User Management to enable Windows authentication.
• Group: Check this to specify a Windows/LDAP group in the User or Group field. See Authenticating with Windows Credentials for more on authentication with domain groups and roles.
• Privileges: Select which HTTP methods the user is allowed to access: GET, POST, PUT/MERGE/PATCH, or DELETE. These correspond to SELECT, INSERT, UPDATE, and DELETE statements, respectively.
• Max. Requests: Enter the maximum requests per hour for this user. Set it to 0 to allow the user unlimited access. The default is 1000.
• Max. Concurrent: Enter the maximum number of requests that can be sent simultaneously. Set it to 0 to allow the user unlimited simultaneous requests. The default is 100.
• Active: Uncheck this to disable access to the APIs for this user.

Note: These user-specific settings override the server-wide Rate Limiting settings. An empty value for one of the user settings means the server default is used instead.

Configuring the User Database

API Server stores user information in an SQLite (.NET) or Derby (Cross-Platform) database by default. You can also save user information to the database of your choice. If you are using the .NET edition, specify the connection string to the caching database in the connectionStrings element of the Web.config file. Otherwise, refer to the documentation for the server you are hosting API Server on.

Authenticating with an Authtoken

You can provide an authtoken to connect with HTTP Authentication. For example, to use HTTP Basic authentication, set the username in the User header and the user’s corresponding authtoken in the Password header.

Authenticating with Windows Credentials

If Windows authentication is enabled for API Server (see User Management), API users can authenticate and access resources using NTLM authentication instead of authtokens.

Domain Groups and Roles

When you add a Windows user to API Server, you can specify a name referring to a Windows/LDAP group instead of a single user by checking the Group checkbox. When a group is specified, a Windows user only needs to be a member of the group to access a resource.