Learn how to simplify your EvolutivoFW integrations with the new token based web service access.

The EvolutivoFW web service is protected by a two-step CHAP validation process and a native expiration time of the user access details. This is a standard security approach named PPP Challenge Handshake Authentication Protocol (CHAP), which you can read about here

While this approach is rather secure, it has the inconvenience of having to implement the two-step validation and also check if the access has expired in every call. This is kind of easy to do and directly supported by the coreBOS libraries but it makes integrations a lot harder to implement.

To make integrations easier we have implemented a flat token-based access to the web service API. Using the credentials module you can create a record with a token that will give access to the user assigned to the record during the designated time interval.

The token must be sent as a header in the variable corebos_authorization.

Let's see an example. This is a credentials record in a EvolutivoFW installation configured to accept the token mysupersecuretoken (please use a strong token here) during the period from 2023-01-01 to 2023-02-28, January and February of 2023 that will grant access as the user testdmy

This is a query call using the token in thunderclient

The main reason we implemented this feature was for accessing EvolutivoFW from make and jitsu.

Fun stuff!! Enjoy

Photo by Maxim Zhgulev on Unsplash