Setting up a user and password for web services is crucial for several reasons:

  • Security: It helps protect sensitive data and resources from unauthorized access. By requiring authentication, you ensure that only authorized users can access the web service.
  • Accountability: With user authentication, you can track who is accessing the service and what actions they are performing. This is important for auditing and monitoring purposes.
  • Data Integrity: Ensuring that only authenticated users can access and modify data helps maintain the integrity of the data. Unauthorized access could lead to data corruption or loss.
  • User Experience: Implementing authentication methods like Single Sign-On (SSO) can improve the user experience by allowing users to access multiple services with one set of credentials.
  • Compliance: Many industries have regulations that require secure access to data. Implementing user authentication helps meet these compliance requirements.

To add user authentication to your httpd.conf file for your IBM i (Apache) Integrated Web Server, you can simply add a few lines to your configuration.

Edit your httpd.conf and change the ScriptAliasMatch block that declares access to /qsys.lib/webservice.lib so that it requires a user name to be passed:

Example with NO AUTHENTICATION

# Define incoming URI=/webservice/ to call the program (defined in the next part of the URI) in LIB(WEBSERVICE)

ScriptAliasMatch ^/webservice/(.*) /qsys.lib/webservice.lib/$1.pgm
<Directory /qsys.lib/webservice.lib>
  SetEnv QIBM_CGI_LIBRARY_LIST "YAJL;WEBSERVICE"
  Require all granted
</Directory>

Example with USER+PASSWORD AUTHENTICATION

Change the block above to look like this:

# Define incoming URI=/webservice/ to call the program (defined in the next part of the URI) in LIB(WEBSERVICE)

ScriptAliasMatch ^/webservice/(.*) /qsys.lib/webservice.lib/$1.pgm
<Directory /qsys.lib/webservice.lib>
  SetEnv QIBM_CGI_LIBRARY_LIST "YAJL;WEBSERVICE"
  require valid-user
  AuthType basic
  AuthName "WEBSERVICE APIs"
  PasswdFile %%SYSTEM%%
  UserId %%CLIENT%%

</Directory>
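
One way to check an httpd.conf for program libraries that are still open, as an added example that is not part of the original article. The helper name `audit_cgi_directories` is hypothetical, the two sample configurations are the blocks shown above, and the check is deliberately narrow: it only looks at `<Directory>` blocks targeted by a `ScriptAliasMatch` and only for the directives used in this article.

```python
import re

# Constructed sample inputs: the two configurations shown in this article.
OPEN_CONF = """\
ScriptAliasMatch ^/webservice/(.*) /qsys.lib/webservice.lib/$1.pgm
<Directory /qsys.lib/webservice.lib>
  SetEnv QIBM_CGI_LIBRARY_LIST "YAJL;WEBSERVICE"
  Require all granted
</Directory>
"""
AUTH_CONF = """\
ScriptAliasMatch ^/webservice/(.*) /qsys.lib/webservice.lib/$1.pgm
<Directory /qsys.lib/webservice.lib>
  SetEnv QIBM_CGI_LIBRARY_LIST "YAJL;WEBSERVICE"
  require valid-user
  AuthType basic
  AuthName "WEBSERVICE APIs"
  PasswdFile %%SYSTEM%%
  UserId %%CLIENT%%
</Directory>
"""

def audit_cgi_directories(conf_text):
    """Hypothetical helper: {directory: [findings]} for each ScriptAliasMatch target."""
    # Directories that ScriptAliasMatch maps requests into (drop the /$1.pgm tail).
    targets = {m.group(1).rsplit("/", 1)[0].lower() for m in re.finditer(
        r"^\s*ScriptAliasMatch\s+\S+\s+(\S+)", conf_text, re.I | re.M)}
    results = {}
    for m in re.finditer(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>',
                         conf_text, re.I | re.S):
        path = m.group(1).strip().lower()
        if path not in targets:
            continue
        directives = {}  # lower-cased directive name -> list of lower-cased values
        for line in m.group(2).splitlines():
            parts = line.strip().split(None, 1)
            if parts and not parts[0].startswith("#"):
                directives.setdefault(parts[0].lower(), []).append(
                    parts[1].strip().lower() if len(parts) > 1 else "")
        requires = directives.get("require", [])
        findings = (["Require all granted: anyone can call the programs"]
                    if "all granted" in requires else [])
        if not any(r.startswith(("valid-user", "user ", "group ")) for r in requires):
            findings.append("no Require directive that demands a login")
        findings += ["missing " + d for d in ("authtype", "authname", "passwdfile")
                     if d not in directives]
        results[path] = findings
    return results

print(audit_cgi_directories(OPEN_CONF), audit_cgi_directories(AUTH_CONF))
```

An empty findings list means the block carries every directive from the authenticated example. `AuthType basic` sends the user name and password base64-encoded rather than encrypted, so pair this check with HTTPS on the server.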

Add USER & PASSWORD to your API Testing Tool:

It's really this simple:

[Image: webservice authentication]