Security and authentication oData

The Syfadis Web API requires authentication in order to be used.

Currently, this is done via the so-called Basic Auth method, which transmits the password in plain text. For this reason, we recommend using an encrypted connection (HTTPS).

The usable user/password pairs are defined within the Syfadis LMS itself.

The password must verify several conditions:

• Contain at least 15 characters

• Contain at least 1 digit

• Contain at least 1 uppercase letter

There cannot be 2 users with the same login on a given application.

A privilege is required to be able to set up users of the OData Web API.

This privilege can be found in the Configuration > System > API Access Privileges > Set API Access Privileges.

The Web API user administration page can be accessed via the Configuration > API Access Privileges menu.

Use this page to assign read/write privileges to entities defined in the $metadata.

Privileges can be changed line by line with the Enable all and Disable all buttons, or more finely with the View this privilege button.

All requests and information transmitted by the web service are case-sensitive.

The types of possible error answers:

• 401 Invalid username or password: Authentication failed because the pair [login, password] is not recognised

• 401 Unauthorized: The server refused to process the request because the API user does not have the necessary privilege, or the Basic authentication mode is not enabled on IIS.