Configuring REST API users

Warning

This panel is available only in Rulex Platform Cloud/Server Version.

In Rulex Platform Cloud/Server Version, users are classified into two different types, each having distinct rights and authentication methods:

  • Physical users: accessing the Platform through the Web-based GUI.

  • Machine users: accessing the Platform using the exposed REST APIs.

To access Rulex Platform application, physical users perform an Oauth2.0 authorization flow login against the Rulex Platform authentication server, very often mediated through an external identity provider federated using OpenID or SAML standard.

While, machine users always perform an Oauth2.0 client direct grant flow login only against the Rulex Platform authentication server. Machine users are clients of the internal authentication server and use one of the following method to perform their login operation:

  • Client ID/Client Secret client authentication.

  • Signed JWT client authentication.

See also

Look at GetAuthToken api call for further information about the Machine user authentication flow.

Attention

Physical users can not access the Rulex Platform REST API.

Machine users can not access Rulex Platform through browser login.

To create a new Machine user, you need the following:

Prerequisites

  • A user logged into Rulex Platform with REST api role (see role page for further information about Rulex Platform roles).

  • A certificate in pem format, if you want to use signed JWT client authentication.

To execute the creation of a new user, follow these steps:

Procedure

  • Click on the user icon located on the right side of the main toolbar of Rulex Factory.

  • Click on the Manage rest api entry.

  • In the opened REST API panel, consider the list on the left and write the name of the new Machine user you want to create where the New User… placeholder is located.

  • Press Enter or click the Plus icon to add the user.

  • Select the type of authentication you want to use for the new user by using the switch located on the top of the right side of the pane: Secret or Signed JWT. If Signed JWT option is selected, the system will ask you to upload a pem format certificate to be associated to the newly create user.

  • Click on CREATE USER to finish the creation.

Once new Machine users are added to the system, you can configure their characteristics (Product key used, group memberships…) through the same dedicated panel used for the creation.

REST API configuration panel

The panel to configure Machine user is divided into two areas:

  • On the left side, the list of all the available users are shown. By clicking on one of them you can inspect its properties, with the New User… line you can add a new Machine user.

  • On the right side, you can visualize/configure the characteristic of the selected Machine user.

The characteristics of a Machine user are:

  • Secret or pem certificates which can be regenerated by clicking on the Refresh icon or by uploading a new certificate.

    Attention

    Secret can be visualized only at the moment of the creation. Remember to take note of it for any subsequent use.

  • License product key used by the Machine user during the license login phase in REST API calls. By default, a newly created Machine user inherits the product key of the user who has created it.

  • Group membership: to add a new group to the Machine user, you can write the new group name where New group… placeholder is located. Checkboxes allow you to select/deselect groups to which your Machine user belongs at any time.

Any time a configuration is changed, you can click SAVE CHANGES button to save your work or DISCARD to erase it.