Rephrase the authentication section of the REST documentation (#2234)

* Rephrase the authentication section of the REST documentation

Resolves #2202

* Apply suggestions from code review

Signed-off-by: stefan-hoehn <mail@stefanhoehn.com>

* fix markdown issues

Signed-off-by: Stefan Höhn <mail@stefanhoehn.com>

* fix markdown issues Emphasis style

Signed-off-by: Stefan Höhn <mail@stefanhoehn.com>

---------

Signed-off-by: stefan-hoehn <mail@stefanhoehn.com>
Signed-off-by: Stefan Höhn <mail@stefanhoehn.com>
Co-authored-by: stefan-hoehn <mail@stefanhoehn.com>
pull/2244/head
Marvin Dostal 2024-02-17 13:36:37 +01:00 committed by GitHub
parent 9dbafd6c5c
commit 2115d8d55e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 2 deletions

@ -67,8 +67,23 @@ Just log in with an admin user, navigate to `Developer Tools -> API Explorer` an
## Authentication
Starting with version 3, openHAB supports password protection for sensible contents such as parts of the semantic model.
To access this kind of information, the REST API provides the common mechanism [Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) and [OAuth authorization](https://en.wikipedia.org/wiki/OAuth).
Starting with version 3, openHAB supports password protection
- Only _admins_ are able to access and change sensitive parts of the API.
e.g., creating/editing Things, Channels, Items or Scripts.
- _Users_ are able to interact with the end-user parts of the API.
e.g., looking at the state of and interacting with the existing Items.
The setup process of openHAB includes creating an _admin_ account.
This (or any other account that is part of the _admin_ group) can be used for the authentication of the admin APIs.
All the _admin_ accounts are equal in terms of access.
The same is true for _user_ accounts; every _user_ account has equal access to the user APIs.
By default anyone in the LAN will have _user_ access rights.
This behavior can be changed in the `Settings -> API Security -> Implicit User Role`.
If the `Implicit User Role` is disabled, all the APIs need authentication of an _admin_ or _user_ account.
The REST API provides the common mechanism [Basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) and [OAuth authorization](https://en.wikipedia.org/wiki/OAuth).
Both mechanisms can be used out of the box by the most programming languages and frameworks, but with regard to the `curl` examples from above, there are two alternative ways of authenticating yourself:
### With username/password
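Review bot: The sentence "By default anyone in the LAN will have _user_ access rights" reads as though openHAB checks the source network. If the `Implicit User Role` actually grants _user_ access to any unauthenticated request that reaches the API, the text should say that, since it changes how readers judge exposure through a reverse proxy or port forward. It would also help to state that disabling the setting is the way to require credentials everywhere, which the following sentence only implies. Two formatting points in the same block: "Starting with version 3, openHAB supports password protection" ends with no period or colon before the list, and the "e.g., ..." continuation lines are not indented under their bullets, so they may not render as part of the list items. The text also still says "sensible contents" where "sensitive" is meant, and "by the most programming languages" should be "by most programming languages".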