⟵ hearthere ⟶
  • Training course
  • Creating simple tables and fields
  • Codes base level
  • Selects and links between tables
  • Table settings basic level
  • Prefilters base level
  • Conditional formatting basic level
  • Action codes base level
  • Using pop-up windows
  • Cycles base level
  • Roles and users on the web
  • Codes advanced level
  • Action codes advanced level
  • Prefilters advanced level
  • Field and table settings advanced level
  • Cycles advanced level
  • Formatting advanced level
  • Select-Tree
  • Executing a scheduled action code
  • Printing and emailing
  • Notifications
  • API interaction
  • Calling a third-party script from button code
  • Calling a third-party server from code
  • Receiving external requests to totum
  • Authorization in remotes
  • Adaptivity and Sections

    • Authorization in remotes

    Token example

    When you create a remote, anyone who knows the path can access it and perform a request or action. However, it is often necessary to restrict this access to only trusted scripts.

    The first and simplest method is a token.

    In a POST request, you pass "token" = "TOKEN_VALUE" as one of the parameters and check it in the remote code:


    =:     if(condition: $#post[token] = "TOKEN_VALUE"; then: $select)

select: select(table: 'table'; field: 'summ'; where: 'key' = $#post[key])

    In this case, if an external server does not send the token in the POST request or sends an incorrect token, it will not receive a response.

    API users example

    The second approach is a bit more complex but has an additional advantage.

    The fact is that with the basic setup, if you have several different remotes, they are accessed via different url.

    Using API-user allows you to send a request to a single address, specifying which remote it pertains to in the request body.

    1. For this to work, we need to create a user with the API attribute.

    2. This API-user must be selected in the api_user field in remotes.

    3. The request is made via POST formatted as raw-data to a single address http(s)://domain.zone/Json/.

    The request body contains a JSON with an authorization section and a remotes section:

    {
"auth": {
    "login": "json",
    "password": "1111"
  },
"remotes": [
    {"name":"remote1", "data": {"var1": 1, "var2": [1,2,3]}},
    {"name":"remote2", "data": {"var1": 2, "var2": [3,2,5]}}
  ]
}

    Thus, several remotes can be called simultaneously. They will be executed in the order they are passed in the request.

    When a remote call is made through the API-JSON interface, the variables passed to the remote can be accessed in the $#data variable!