Rest API to authorize login

We are trying to create our own front-end and use OpenMRS as back-end. All the functionality we have developed using Rest API.

I am stuck how to to authenticate and authorize the user? Is there any API to call? And will it generate any token with user privilege?

And also location API can be called with ‘Login Location’ tag without login to the system?

@dkayiwa @darius

1 Like

Hello @kundansinha, Openmrs has a RESTWebservices module which leverage all and allows flexibility for that you might want to check out https://wiki.openmrs.org/display/docs/REST+Web+Services+API+For+Clients

Hi @harisu, I’m looking at something which checks user credentials are valid or not. And I don’t find the article helpful for that.

Well I think that article is helpful in that what you are looking for might just be a security hole if the rest webservice can check for user credentials and let you know someone can easily bruteforce you should just know when the resource you are trying to access is not available or from the response you will get. I think if you follow the authentication part of the doc the right user should be allowed access to the resource you are trying to access or you get 403 response I guess. Thats just a suggestion though. I will experiment and let you know

On the login page when the user enter their credintials how we can query the user table to validate the user using Rest API. @darius @dkayiwa

Did you take a look at this? https://wiki.openmrs.org/display/docs/REST+Web+Services+API+For+Clients#RESTWebServicesAPIForClients-Authentication

1 Like