Set up access to Application API (IIS)

After you have created API endpoints, you can access data in Intrexx externally, via a smartphone app, for example.

Authorization is required to access the Intrexx Application API. This will only be done against Intrexx. It is not possible to use the Windows authentication integrated in the IIS is for authorization in the Intrexx Application API.

The following is a description of how to proceed if you are using IIS with built-in Windows authentication.

Baseline scenario

This description is relevant for you under the following conditions:

  • You are running Intrexx under Windows.

  • You are using IIS (Internet Information Service) as the front-end web server.

  • You are using the Windows authentication built into IIS.

  • You are using the Intrexx Application API.

(Compare also the sections Intrexx architecture and Windows - Configure IIS (Internet Information Services)))

Authentication to the Intrexx Application API

Authentication to the Intrexx Application API is not possible via the Windows authentication integrated in the IIS. Instead, you must set up anonymous access for the Intrexx Application API in the IIS. In this case, the authentication only takes place against Intrexx. This is possible either via the API key (Authentication via API keys) or via the API login (Authentication via API login endpoint and cookies (without API key))).

Key steps

  • Create directories in the portal directory

  • Define settings for authentication in IIS

  • Adapt the web.config file belonging to the portal

  • Adapt the applicationHost.config file belonging to Windows

  • Delete the previously created directories in the portal directory

Set up anonymous access in IIS

Step-by-step guide

To set up anonymous access to the Intrexx Application API in IIS, proceed as follows:

  1. Start the windows explorer.

  2. Create the directory "api" in the portal directory under "external > htmlroot" and create the directory "app" in the api directory.

    The directory structure should look like this:

    <intrexx-installation-directory>\org\<portal directory>\external\htmlroot\api\app

  3. Start IIS.

  4. Highlight the "api" directory .

  5. Double-click on "Authentication" .

    You will reach "Authentication".

  6. For "Anonymous Authentication", set the status to "Enabled".

  7. Set all other authentication entries to "Disabled".

  8. Proceed in the same way as the "app" directory.

  9. Go back to the window explorer.

  10. Change to the <intrexx-installation-directory>\org\<portal directory>\external\htmlroot directory.

    web.config

  11. Open the "web.config" file.

  12. Add the following code to the file before the closing tag </configuration>:

      <location path="api"> <!-- relative to where the web.config file is located -->
      <system.web>
        <authorization>
          <allow users="*" />
        </authorization>
      </system.web>
      <system.webServer>
        <security>
          <authentication>
            <windowsAuthentication enabled="false" />
            <anonymousAuthentication enabled="true" />
          </authentication>
        </security>
      </system.webServer>
  </location>

  13. Then save the file.

  14. Switch to the %WinDir%\System32\Inetsrv\Config directory.

    ApplicationHost.config

  15. Open the ApplicationHost.config file.

  16. Set the following properties of the <sectionGroup name="security"> or <sectionGroup name="authentication"> from "Deny" to "Allow":

    <section name="access" overrideModeDefault="Allow" />
<section name="anonymousAuthentication" overrideModeDefault="Allow" />
<section name="windowsAuthentication" overrideModeDefault="Allow" />

  17. Then save the file.

  18. Restart IIS.

  19. Delete the "api" and "app" directories previously created in the portal directory at "external > htmlroot".

More information