Setting up a user and password for web services is crucial for several reasons:
To add user authentication to your httpd.conf file for your IBM i (Apache) Integrated Web Server, you can simply add a few lines to your configuration.
Edit your httpd.conf and change the scriptalismatch loop for the declaration of access to /qsys.lib/webservice.lib to require a user name to be passed:
Example with NO AUTHENTICATION
# Define incoming URI=/webservice/ to call the program (defined in the next part of the URI) in LIB(WEBSERVICE)
ScriptAliasMatch ^/webservice/(.*) /qsys.lib/webservice.lib/$1.pgm
<Directory /qsys.lib/webservice.lib>
SetEnv QIBM_CGI_LIBRARY_LIST "YAJL;WEBSERVICE"
Require all granted
</Directory>
Example with USER+PASSWORD AUTHENTICATION
And change this to look like this:
# Define incoming URI=/webservice/ to call the program (defined in the next part of the URI) in LIB(WEBSERVICE)
ScriptAliasMatch ^/webservice/(.*) /qsys.lib/webservice.lib/$1.pgm
<Directory /qsys.lib/webservice.lib>
SetEnv QIBM_CGI_LIBRARY_LIST "YAJL;WEBSERVICE"
require valid-user
AuthType basic
AuthName "WEBSERVICE APIs"
PasswdFile %%SYSTEM%%
UserId %%CLIENT%%
</Directory>
AuthType basic
AuthName "WEBSERVICE APIs"
PasswdFile %%SYSTEM%%
UserId %%CLIENT%%
</Directory>
Add USER & PASSWORD to your API Testing Tool:
It's really this simple: