Token example
When you create a remote, anyone who knows the path can access it and perform a request or action. However, it is often necessary to restrict this access to only trusted scripts.
The first and simplest method is a token.
In a POST request, you pass "token" = "TOKEN_VALUE" as one of the parameters and check it in the remote code:
=: if(condition: $#post[token] = "TOKEN_VALUE"; then: $select)
select: select(table: 'table'; field: 'summ'; where: 'key' = $#post[key])
In this case, if an external server does not send the token in the POST request or sends an incorrect token, it will not receive a response.
API users example
The second approach is a bit more complex but has an additional advantage.
The fact is that with the basic setup, if you have several different remotes, they are accessed via different url.
Using API-user allows you to send a request to a single address, specifying which remote it pertains to in the request body.
For this to work, we need to create a user with the API attribute.
This API-user must be selected in the api_user field in remotes.
The request is made via POST formatted as raw-data to a single address http(s)://domain.zone/Json/.
The request body contains a JSON with an authorization section and a remotes section:
{
"auth": {
"login": "json",
"password": "1111"
},
"remotes": [
{"name":"remote1", "data": {"var1": 1, "var2": [1,2,3]}},
{"name":"remote2", "data": {"var1": 2, "var2": [3,2,5]}}
]
}
Thus, several remotes can be called simultaneously. They will be executed in the order they are passed in the request.
When a remote call is made through the API-JSON interface, the variables passed to the remote can be accessed in the $#data variable!