Configure Users

Each configured share can limit a clients access to the API data. Furthermore, as the data provided by the API may differ depending on the authentication credentials provided, Api2File is capable of providing extremely fine-grained control over the data a user gets access to.

No configuration

If no configuration is provided for user access control then all clients will receive the same data when downloading files. All the API access will be done anonymously (without providing credentials to the API during the request for data).

By providing no user-auth entries, all clients are granted access to the share.

This is the easiest but also the most limiting method of retrieving data from the APIs as it is limited to completely public, free-use APIs.

User-Auth

The user-auth field is a map of user ids -> credential definitions. User ids support simple wildcards, meaning multiple clients can be configured with a single entry.

Client user ids are matched in a top-down manner, meaning more specific entries should appear higher in the map than generic entries.

The credentials specified in the configuration are for the API access only. The client's network credentials are never available to Api2File.

The fallback

If a client does not match any of the defined user-auth they will be denied access. To override this behaviour specify the default-user-auth field.

In a nutshell, this enables a set of credentials to be delivered to the API for all users that aren't covered by other user-auth rules.

By providing no user-auth rules, apart from the default-user-auth, all clients of the UNC share will have the same credentials provided with the request.

Example: Denying Access

Use deny: true to prevent a client from accessing API data.

In this example, the client with user id domain\john will not be able to access the data. All other clients are served data from the API anonymously.

- share-name: "unc-share"
  file-name: "api-data.json"
  target-api:
    ...
  user-auth:
    domain\john:
      deny: true
  default-user-auth:
    type: none
Example: default-user-auth

Passing credentials to an API without specifying individual users.

All users have the same fixed-user:fixed-password credentials passed with the request.

- share-name: "unc-share"
  file-name: "api-data.json"
  target-api:
    ...
    default-user-auth:
      type: basic
      basic:
        username: fixed-user
        password: fixed-password
Example: user-auth and default-user-auth

The domain\john user causes the API to be passed the john credentials. All users other than domain\john get default credentials. 

- share-name: "unc-share"
  file-name: "api-data.json"
  target-api:
    ...
    user-auth:
      domain\john: 
        type: basic
        basic:
          username: john
          password: johns-password
    default-user-auth:
      type: basic
      basic:
        username: fixed-user
        password: fixed-password
Example: user id wildcards

Use * & ? to specify wildcards in user ids. * matches zero or more characters, ? matches zero or one character.

In this example the more specific entries appear first, meaning the client user id will be evaluated against domain\jo?n before domain\*. Users not in domain domain are not matched and will be refused access to the data.

The clients domain\jon, domain\john and domain\joan would all match the first mapping and use the john credentials in their request.

- share-name: "unc-share"
  file-name: "api-data.json"
  target-api:
    ...
    user-auth:
      domain\jo?n: 
        type: basic
        basic:
          username: john
          password: johns-password
      domain\*:
        type: basic
        basic:
          username: fixed-user
          password: fixed-password
< Previous topic
Configure Transforms
 
Next topic >
Configure AppSettings