TM1 Forum

Hi,

In case you came across an issue getting REST API CAM Authentication working in PA Cloud (404 unauthorized error), here are some tips (using Postman):

1. Set Authorization: No Auth. Postman will automatically set Authorization header to Basic otherwise
2. In Headers, add a new "Authorization" key
3. Use Base64 (https://www.base64encode.org/), put your non-interactive PA cloud account details in as followed: user:pw:namespace. Hit encode
4. Use encoded string as value for the "Authorization" key, e.g CAMNamespace YmtsLXByb2QwMV90bTFfYXV0b21hdGlvbjpkYU81NGJzUjJxdXp4NzpMREFQ


From what I have read, REST API CAM Authentication calls must be encoded in Base64

Hope that helps!

Regards,

Evgeny

Hello,
As I know Base64 is an encoding tool, not encrpytion tool.
Is there any way to encrypt password in REST API CAM authentication rather than Base64 encoding?

Yes, encoding and encrypting are too different things.
No, I'm not sure re encryption of CAM password, but something to investigate when I have free time

Another good resource is Mastering the TM1 REST API with Postman by Cubewise

If you are utilising Postman then I'd recomend The TM1 Rest API collection for Postman as a solid starting point

Thanks.

Does this method differ from CAM authentication when the installation is on premise ?
Put differently, can this only be used for a cloud setup or for all CAM authentication cases ?

Wim Gielis wrote: ↑Thu Dec 12, 2019 10:49 am Thanks.

Does this method differ from CAM authentication when the installation is on premise ?
Put differently, can this only be used for a cloud setup or for all CAM authentication cases ?

You can use this method for on-premise as well. For on-premise, you aren't restricted to only using the LDAP namespace and non-interactive account: you can use any user's username/password.

ascheevel wrote: ↑Thu Dec 12, 2019 2:30 pm You can use this method for on-premise as well. For on-premise, you aren't restricted to only using the LDAP namespace and non-interactive account: you can use any user's username/password.

Thank you, I will experiment and try to get it working.

Got it working, thank you.
At least, this saves some work (for what I use the REST API) to open a TM1 model with IntegratedSecurityMode = 1,
execute REST API calls, return back to integratedsecuritymode = 5 e.g.

My24 wrote: ↑Thu Dec 12, 2019 6:10 am Is there any way to encrypt password in REST API CAM authentication rather than Base64 encoding?

To encrypt those credentials just make sure you're sending requests to the REST API over HTTPS and NOT HTTP. That is the basic difference between encrypting or not.

Setting UseSSL=T in TM1S.CFG will force you to use HTTPS: that ensures you can't send unencrypted REST API requests (including login credentials) and it also won't allow the TM1 Server to send REST API response data to you in an unencrypted form.

Using HTTP is fine if you're doing some quick REST API testing and don't want to deal with the SSL certificates required by HTTPS (which can be a little painful depending on the tool being used), but if you're doing more than quick local testing you should make sure your REST API calls are using HTTPS.