Authorization for requests to services

Authorization to access services can be done in the following ways:

  • Without authorization
  • With account
  • With token
  • OAuth2

Services without authentication

To make a service work without authentication, set its value to none in the authMode setting in deploy.json:

{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo": "none"
        }
      }
    }
  }
}

Requests to the service then do not require authentication, for example:

curl https://dnt.iondv.com/rest/echo

An example of a request to a service without authentication in dnt: test/modules/rest/echo.spec.js

/Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the headers auth

Services with a standard account authorization mechanism

All services use the standard authorization mechanism by default, which implies the transfer of credentials in the header:

  • by authorization via basicAuth, for example:

    curl -u demo@local:ion-demo https://dnt.iondv.com/rest/simple
    

    an example of a request with Basic Auth authorization in develop-and-test (dnt): test/modules/rest/echopwd.spec.js

    /Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the basicAuth
    
  • by passing credentials in the request headers

    curl -H "auth-user: demo" -H "auth-pwd: ion-demo" -H "auth-user-type: local" https://dnt.iondv.com/rest/simple
    

    or

    curl -H "auth-user: demo@local" -H "auth-pwd: ion-demo" https://dnt.iondv.com/rest/simple
    

    an example of a request with authorization credentials in the header in dnt: test/modules/rest/echopwd.spec.js

    /Checking echo-pwd service/# Requesting echo-pwd GET/check if the request can be made using the headers auth
    

Services with token authentication

Token authentication is used to avoid sending account credentials with every request. Tokens have a limited lifetime.

To make a service use token authentication, set its value to token in the authMode setting in deploy.json:

{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo-token": "token"
        }
      }
    }
  }
}

Authentication through a token is performed by sending the token value in the auth-token request header:

curl -H "auth-token: c369a361db9742e9a9ae8e9fe55950a571493812" http://dnt.iondv.com/rest/echo-token

an example of a request with authorization via a token in dnt: test/modules/rest/token.spec.js

/Checking token service/# basicAuth authorization with admin rights/# check if the generated token is valid (basicAuth) (using echo-token)

Learn more about getting a token: Getting token

Proxy client to access the module functions without getting a new token.

Services with OAuth 2 authentication

To make a service use oauth2 authentication, you first have to enable the plugin in deploy.json, in the following form:

"oauth": {
        "module": "lib/oAuthAdapter",
        "options": {
          "auth": "ion://auth",
          "dataSource": "ion://Db"
        }
      }

Then you can set the service to oauth in the authMode setting:

{
  "modules": {
    "rest": {
      "globals": {
        "authMode": {
          "echo-oauth": "oauth"
        }
      }
    }
  }
}

The oauth2 specification is available at: https://oauth2-server.readthedocs.io/en/latest/index.html

This type of authorization is used to provide a third party with limited access to user resources without having to provide a username and password. Requests for access are made in the following order:

  1. From the user’s side, we get a cookie with session id:

    curl -X POST --cookie-jar 1.txt -d username="demo@local" -d password="ion-demo" http://dnt.iondv.com/auth
    
  2. Using the authorized session, we allow the ext@system client to make requests on our behalf:

    curl -X POST --cookie ./1.txt "http://dnt.iondv.com/oauth2/grant?client_id=ext@system&response_type=code&state=123"
    

    The response will contain the code parameter.

  3. Now, using the code, you can get a token:

    curl -X POST -d grant_type="authorization_code" -d code="<code>" -H "Authorization:Basic ZXh0QHN5c3RlbTppb24tZGVtbw==" http://dnt.iondv.com/oauth2/token
    

    In the Authorization header, pass Basic <client_secret>, the client's code. The response will contain access_token.

  4. For requests on behalf of the user in services with oauth2 authorization, you can now log in using access_token:

    curl -X POST -H "Authorization:Bearer <access_token>" http://dnt.iondv.com/rest/echo-oauth
    

an example of a request to a service with oauth2 authorization in dnt: test/modules/rest/echooauth.spec.js

/Checking echo-oauth service
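
The authMode settings described on this page can be checked before deployment. The following is an added example, not code from the IONDV project: the function names, the caller-supplied service list and the sample deploy.json are assumptions, and because the page does not say where the oauth plugin block sits, the check searches the whole file for it.

```javascript
// Added example: audit of modules.rest.globals.authMode in a deploy.json.
// Mode names come from the page; function names and the sample are constructed.
const KNOWN_MODES = new Set(["none", "token", "oauth"]);

// Recursively look for a plugin entry whose "module" is lib/oAuthAdapter,
// wherever it sits in the file (its section is not given on the page).
function hasOAuthAdapter(node) {
  if (node === null || typeof node !== "object") return false;
  if (node.module === "lib/oAuthAdapter") return true;
  return Object.values(node).some(hasOAuthAdapter);
}

// services: names of the REST services you expect to be deployed
// (hypothetical, caller-supplied list).
function auditAuthModes(deploy, services) {
  const authMode = deploy?.modules?.rest?.globals?.authMode ?? {};
  const names = new Set([...services, ...Object.keys(authMode)]);
  const oauthReady = hasOAuthAdapter(deploy);
  return [...names].sort().map((service) => {
    const mode = authMode[service];
    // No entry: the standard account mechanism applies by default.
    if (mode === undefined) return { service, mode: "account", finding: "ok" };
    if (!KNOWN_MODES.has(mode)) return { service, mode, finding: "unknown-mode" };
    if (mode === "none") return { service, mode, finding: "unauthenticated" };
    if (mode === "oauth" && !oauthReady) {
      return { service, mode, finding: "oauth-plugin-missing" };
    }
    return { service, mode, finding: "ok" };
  });
}

// Constructed sample: a misspelt "tokn" and no oauth plugin block.
const sampleDeploy = JSON.parse(`{
  "modules": { "rest": { "globals": { "authMode": {
    "echo": "none",
    "echo-token": "tokn",
    "echo-oauth": "oauth"
  } } } }
}`);

const report = auditAuthModes(sampleDeploy,
  ["echo", "echo-token", "echo-oauth", "simple"]);
for (const r of report) console.log(`${r.service}\t${r.mode}\t${r.finding}`);
```

Every service reported as unauthenticated should be one that is meant to be public, and unknown-mode or oauth-plugin-missing entries should be fixed before the configuration is deployed.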