Secure Calls - AFS

AFS Security

Product
AFS
AFS_Version
7.8
Category
Technical Notes
language
English
audience
public

It is necessary to secure calls to AFS Web Services, in order to restrict access to allowed users.

To secure calls to AFS Web Services thanks to afs:key.

Using AFS Back-Office:

  1. Edit the QEng/Webservices/key parameter.
  2. Set it to the desired Key value.

    Calls to AFS Web Service need the afs:key parameter to be set to the correct value.

Role

This parameter allows to authenticate calls to AFS web services.

Status

Optional. By default, this parameter is not necessary.

If configuration variable QEng/Webservices/key is set, then calls to AFS web services (search, acp, click, content) must contain the key thanks to the parameter afs:key.

If the key is false or omitted, the query is rejected and user receive a 403 HTTP error.

If configuration variable is not set, the afs:key parameter is ignored. In this case, non-authenticated queries are allowed.

Example

In configuration, QEng/Webservices/key variable is set to myKey:
QEng/Webservices/key=myKey

All calls to AFS web services must contain afs:key=myKey, example:
http://server/search?afs:service=1&afs:key=myKey&;...