Default setup

Access to the REST API can either use Rudder authentication, or be unauthenticated and rely on authentication mechanisms set elsewhere, for instance at the Apache level.

Rudder Authentication

By default, access to the REST API is open to users not authenticated in Rudder.

The method of authentication can be configured in /opt/rudder/etc/rudder-web.properties:

rudder.rest.allowNonAuthenticatedUser=true
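
As an added example (not part of the Rudder documentation or code base), the following shell function reports whether a properties file leaves the REST API open to unauthenticated users. The function name is hypothetical, and treating a missing or unrecognised value as open is a conservative assumption based on the default stated above.

```shell
#!/bin/sh
# Added example: audit a Rudder web properties file for unauthenticated REST access.
# Usage: rest_api_auth_state /opt/rudder/etc/rudder-web.properties
# Prints "authenticated", "open" or "unreadable".
# Return codes: 0 = authentication required, 1 = open, 2 = file unreadable.

rest_api_auth_state() {
    props="$1"

    if [ ! -r "$props" ]; then
        echo "unreadable"
        return 2
    fi

    # .properties conventions handled here:
    #  - lines starting with '#' or '!' are comments and are skipped
    #  - '=' or ':' separates key and value, with optional spaces around it
    #  - when the key is defined several times, the last definition is used
    value=$(sed -n \
        -e '/^[[:space:]]*[#!]/d' \
        -e 's/^[[:space:]]*rudder\.rest\.allowNonAuthenticatedUser[[:space:]]*[=:][[:space:]]*//p' \
        "$props" | tail -n 1 | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')

    # Assumption: an absent key behaves like the documented default (open).
    # Anything other than an explicit "false" is reported as open so that a
    # typo in the value is flagged rather than silently trusted.
    case "${value:-true}" in
        false)
            echo "authenticated"
            return 0
            ;;
        *)
            echo "open"
            return 1
            ;;
    esac
}
```

The non-zero return code for the open state lets the function gate a configuration check in a deployment pipeline or a periodic compliance job.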

Apache access rules

By default, the REST API is exposed for localhost only, at http://localhost/rudder/api.

Example 9. Example usage of non authenticated REST API

Unrestricted access can be granted to local scripts accessing localhost, whereas remote access to the REST API will be either denied or restricted through authentication at the Apache level.



User for REST actions

Actions done using the REST API are logged by default as run by the user UnknownRestUser.

To change the name of this user, add the following header to the HTTP request:

X-REST-USERNAME: MyConfiguredRestUser

If the REST API is authenticated, the authenticated user name will be used in the logs.