Openhab2 rest api security

openhab2
Tags: #<Tag:0x00007fe0606135a8>

(Nilesh Pitale) #1

Hi,

We have use openhab runtime. And we have taken domain for our openhab site.So we can access our openhab site like https://www.xyz.com. And this running ok and any user can access this.
But they are also able to access all items and things using rest api like https://www.xyz.com/rest/items.
So user is able change any sitemap items value using rest api which sitemap belong to other user. So we want to credential on rest api.
So, I have google it and found that I can do setting in apache2 reverse proxy. So i did it. And now url for rest api ask username and password on prompt. But its also ask username and password for all sitemap items value change when openhab internally call rest api by own when i use sitemap using openhab site.

So, can you tell me that is there any way, when openhab internally call rest api by own, then it should not ask for username and password. But when any user try to access rest api using directly hit on browser or using other rest api access app, then its should ask username and password.


(Nilesh Pitale) #2

Please reply any one its urgent.


(Vincent Regaud) #3

Please see:

This is NOT a support desk and asking like that is likely to upset people


(Psyciknz) #4

Maybe don’t expose your system to the internet till you figure out a way of securing it properly. Sounds like a recipe for disaster if you ask me,