REST Interface Template
The template defines the parameters for connecting to a REST service.
Refer to the common template parameters.
Template Parameters
| Parameter | Type | Description |
|---|---|---|
| Url | Internal | The IP or url on which the REST service is running. It is recommended to specify the root of the service. |
| REST Standard | External | The standard implemented by the REST service. At the moment only JSON:API is partially implemented to support paging. If no standard is implemented you can leave this field blank. |
Basic Authentication Parameters
Most REST services require some form of authentication. If the service requires basic authentication you must specify the username and password fields. Do not use in combination with the OAuth fields. From the moment the OAuth Client Url field is set, OAuth authentication will be applied.
| Parameter | Type | Description |
|---|---|---|
| Username | External | The username to use for authenticating to the service. |
| Password | External | The password of the user. |
OAuth Parameters
Most REST services require some form of authentication. If the service requires an access token and the service is OAuth 2.0 complaint, you should configure the following fields. Do not use in combination with the Username and Passwords fields. From the moment the OAuth Client Url field is set, OAuth authentication will be applied.
| Parameter | Type | Required | Description |
|---|---|---|---|
| OAuth Client Url | External | Yes | The full URL of where to fetch the access token. |
| OAuth Grant Type | External | Yes | The grant type which in most cases should be set to `client_credentials`. The default parameter which is send to the OAuth provider is `grant_type`. If this is different you can override this by separating it with a semicolon: `my_grant_type;client_credentials`. |
| OAuth Client ID | External | Yes | The client id to authenticate on the OAuth service. The default parameter which is send to the OAuth provider is `client_id`. If this is different you can override this by separating it with a semicolon: `my_client_id;abcdef123`. |
| OAuth Client Secret | External | Yes | The client secret to authenticate on the OAuth service. The default parameter which is send to the OAuth provider is `client_secret`. If this is different you can override this by separating it with a semicolon: `my_client_secret;abcdef123`. |
| OAuth Scope | External | No | The authentication scope for OAuth. Optional. The default parameter which is send to the OAuth provider is `scope`. If this is different you can override this by separating it with a semicolon: `resource;user.profile.read`. |
| OAuth Use On Behalf Of | External | No | Set to true to use the [on-behalf-of flow](xref:security.on-behalf-of.index) which will cause the request to be done with the user's identity making use of delegation and OBO tokens in Microsoft Entra. |
Certificate
Most REST services require some form of authentication. If the service requires a certificate, you should configure the following fields. From the moment the 'Certificate PEM Path' and/or 'Certificate Key Path' fields are set, the certificate will be applied.
| Parameter | Type | Required | Description |
|---|---|---|---|
| Certificate PEM Path | External | Yes | The path to the PEM file (e.g.: E:\Cert\Certificate.pem) or the subject of the certificate in the local personal machine store. |
| Certificate Key Path | External | Yes | The path to the Key file (e.g.: E:\Cert\Certificate.key). Leave empty if you use a certificate out of the local machine store. |
Reference Tokens & Introspection
Services that authenticate using opaque tokens (or reference tokens) are supported. When the REST interface encounters an access token without expiration date, it will send out a request to the /introspect endpoint with the current access token. The introspection url is formed from the OAuth url set in the profile. For example: https://service.com/oauth/token becomes https://service.com/oauth2/introspect.
If successful, the Ometa Framework will cache the access token until it is expired and reuse it when possible.
Example
The following example shows the profile for connecting to a TODO's REST service.
| Parameter | Value |
|---|---|
| IP | localhost |
| Port | 2002 |
| Url | https://jsonplaceholder.typicode.com/todos |
| Username | |
| Password | |
| REST Standard | |
| OAuth Url |