Jump to content

Cannot get API Key Security working


Recommended Posts

Dear folks,

I'm trying to get NI's API Key Security working to restrict access to a Webservice. I'm using Labview 2010 32-bit with f2 patch on English Windows 7 Professional 64-bit. Until now my attempts are unsuccessful.

My idea of API Key Security is the following:

Client requests an URL Mapping at the NI Webserver for which API Key security was enabled in the build.

If the right API Key headers are supplied, the webserver returns code 200 and the data.

If wrong or no API Key headers are supplied, webserver returns 403 access denied and no data.

The point is, even if I enable API Key security and configure the keys, it is still possible to request the page and get the data without supplying the keys.

I created a small test project which you can run on your computer, I have attached it.

So I did the following.

1) configured NI Application Webserver to run on port 80 (you can do this here).

2) Created a VI "test.vi" which outputs a test message (current date and time followed by 'congratulations').

3) created "apikeytest" webservice for this VI, enabled API Key security for the URL mapping, built an deployed it to localhost.

4) configured NI Distributed System Manager (DSM) to show webservices (instructions), it doesn't do this by default.

5) configured the following API Key using NI DSM: accessID=api, secureID=key, see attachment.

6) restarted webservices (Start > Run > services.msc > restart "NI Application Webserver")

If I now make a GET request to http://localhost:80/apikeytest/test using attached "http get client.vi", or a normal browser, you always get HTTP Status 200 OK and the data, no matter if the keys are added or not.

Removing the apikeytest webservice using DSM prior to deploying a fresh build doesn't help.

I found RESTclient add-on for Firefox very useful to see which headers are sent and received.

So it seems the webserver doesn't know that he has to validate API Keys, although I enabled it in the build configuration and configured an AccessID and SecretID.

Anybody any suggestions how to get this running?

Don't be suprised if I do not reply before 3 January!

post-18473-0-33400300-1293103597_thumb.p

api key test20101223.zip

Edited by Biggeveen
Link to comment
  • 2 weeks later...
  • 4 weeks later...

I'm trying to get NI's API Key Security working to restrict access to a Webservice. (...)

The point is, even if I enable API Key security and configure the keys, it is still possible to request the page and get the data without supplying the keys.

I contacted National Instruments about this, they acknowledge the bug. They also told me it is likely not going to be fixed in the next release, and probably the entire API Key mechanism will be removed in future versions...

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.