I am using openHAB 4.0.4 and would like to secure the REST API with an authentication token. This is now also working. However, I noticed the following on the way there:
- There is no reference to the “Scope” in the documentation. What effect does this parameter have?
- The text is missing in the documentation for “System Services” and “API Security”, and also for all other services.
- My REST API was freely accessible despite the token. Only after some searching did I find out that “Settings > System Services > API Security > Implicit User Role” apparently needs to be deactivated.
- When displaying a sitemap, I now receive an error message “SSE subscription failed (401 Unauthorized)”. However, the sitemap should still be accessible without logging in.
How can I restrict protection to the web services using a token?