Securing API Requests
Guidelines for implementing integrated Advantage APIs.
When implementing Advantage integrated API and require security, the suggested MessageHandler is . This enables advanced control over authentication and request processing, leveraging core Advantage features such as:
- - Access domain information.
- - Retrieve language settings.
- - Manage database connections.
- - Access module engine for advanced functionality.
Implementing MessageHandler for AdvantageAPI
To secure requests for BusinessObjects exposed via the AdvantageAPI you should use the implementation of AdvantageSecureContentControllerHandler abstract class Below is a stub implementation
namespace AdvantageCSP.WebAPI.Handler { public class MySecureMessageHandler : AdvantageSecureContentControllerHandler { protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { // Custom logic for security validation // Example: Validate specific headers, tokens, or API keys // Ensure you authenticate and set user identity here return base.SendAsync(request, cancellationToken); } private bool ValidateRequest(HttpRequestMessage request) { // Example validation logic return true; // Replace with actual validation logic } } }
This handler ensures that only authenticated and authorized requests are processed by the specified controllers. Replace the stubbed logic with your specific implementation.
Registering API Routes in Global.asax
To securely handle API requests, you need to register the API routes and attach a custom handler during the event.
public override void Application_Start(object sender, EventArgs e) { // Default routing for AdvantageCSP API calls securely // Implement an AdvantageSecureContentControllerHandler with your logic to aceess the API securely AdvantageAPIRouting(new MySecureMessageHandler()); base.Application_Start(sender, e); }