This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm that you accept these cookies being set.
LogicMachine ForumLogicMachine eco-systemScripting v
Auth via URL for a custom app API

Threaded Mode
Auth via URL for a custom app API
Ceros2112 Offline
Member
Posts: 65
Threads: 23
Joined: Sep 2022
Reputation: 2
#1
01.06.2026, 15:01
Hello,

I'm building a custom app with a simple UI that stores some data in a database table but also needs to act as a server that passes those data in JSON format to other lm5s with a custom API request.

As the app is the endpoint of that http request, I need to authenticate my client to be able to access the app but I can't simply pass user:password in the url, right?

Is there a way to do it?

Thank you for your help
Find
Reply
admin Offline
Administrator
Posts: 8819
Threads: 48
Joined: Jun 2015
Reputation: 503
#2
02.06.2026, 11:01
Basic auth (user:password) can still be used. But the Authorization header must be sent explicitly without expecting a WWW-Authenticate header first.
Find
Reply
Ceros2112 Offline
Member
Posts: 65
Threads: 23
Joined: Sep 2022
Reputation: 2
#3
03.06.2026, 08:01
Thank you but I tried (with a dedicated user, not admin) and it replied with:
- redirect to login when not using any auth (as expected)
- 400 bad request when using basic auth
- redirect to login when using basic auth but with wrong credentials

Request:
Quote:GET /apps/data/vacanze/api.lp HTTP/1.1
Host: 192.168.0.10
Authorization: Basic YXBpOlRlc3RfUGFzc3dvcmQx
User-Agent: curl/8.13.0
Accept: */*

Reply:
Quote:HTTP/1.1 400 Bad Request
Date: Wed, 03 Jun 2026 07:55:55 GMT
Content-Type: text/html
Content-Length: 122
Connection: close
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws://192.168.0.10 wss://192.168.0.10; img-src * data:
Set-Cookie: x-login=1; Path=/; HttpOnly; SameSite=Strict
X-Content-Type-Options: nosniff
Permissions-Policy: autoplay=self,fullscreen=self
Referrer-Policy: same-origin

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
</body>
</html>

Reply with wrong credentials:
Quote:HTTP/1.1 302 Moved Temporarily
Date: Wed, 03 Jun 2026 07:57:19 GMT
Content-Type: text/html
Content-Length: 110
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws://192.168.0.10 wss://192.168.0.10; img-src * data:
Set-Cookie: x-login=0; Path=/; HttpOnly; SameSite=Strict
Set-Cookie: x-session=; Path=/; HttpOnly; SameSite=Strict
Location: /login?err
X-Content-Type-Options: nosniff
Permissions-Policy: autoplay=self,fullscreen=self
Referrer-Policy: same-origin

<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
</body>
</html>
Find
Reply
admin Offline
Administrator
Posts: 8819
Threads: 48
Joined: Jun 2015
Reputation: 503
#4
03.06.2026, 13:17
Add Origin header to your curl request:
Code:
-H "Origin: http://192.168.0.10"
Find
Reply
Ceros2112 Offline
Member
Posts: 65
Threads: 23
Joined: Sep 2022
Reputation: 2
#5
03.06.2026, 14:25
Thank you
Find
Reply


Forum Jump: