
Carousel Access Rights in 7.3: what you need to know

Applies To

Carousel 7.3+

Description

Carousel 7.3's API endpoints enforce strict authentication and authorization policies.

The endpoints can be categorized as follows:

  • Allows anonymous: anyone can call this endpoint.
  • Authenticated: a valid Carousel user must be logged in, or the proper credentials must be specified in order for this endpoint to be called successfully.
  • Authenticated and authorized: a valid Carousel user must be logged in, and that user must have the appropriate Carousel Access Rights in order for this endpoint to be called successfully.

This article focuses on the authentication and authorization aspects of the API, and uses a Q&A format to give as much information as possible on the subject.

FAQ

Q: How do I know which Carousel Access Rights are required?

A: Open your_servers_host/CarouselAPI/swagger/ui/index in your browser. In the top right corner, where it says api_key, enter your username:password, and press Explore. Select the endpoint you would like to know more about, then select the verb (e.g. GET). The required access rights are specified under the Access Rights section.

Please note that some of the endpoints represent a higher level of granularity/detail than what is exposed in the Carousel user interface, and a typical Carousel user is assigned a Role which comes with many Carousel Access Rights. For example, performing an action such as copying a bulletin may require many different rights. It may not be easy to associate specific actions in the Carousel UI with the individual Carousel API endpoints and their required access rights.

Q: Which authorization mechanism can I use to authorize my API requests?

A: When your browser is logged into Frontdoor, it uses ASP.NET's forms-based authentication. If you are using curl, or another script/code-based tool, you may also insert your credentials in Basic authorization format as part of the HTTP header.

Q: What happens if I make a request for which I do not have sufficient access rights?

A: You will receive a 403 Forbidden error code back from the server.
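
The two answers above, as an added Python example that is not Carousel's own code: it builds the Basic Authorization header for a scripted request and maps the response status to an outcome, with 403 meaning insufficient access rights. The 401 mapping, the HTTPS-only check and the function names are assumptions of this example; real endpoint paths come from your Swagger UI.

```python
import base64
import urllib.error
import urllib.request


def basic_auth_header(username, password):
    """Return the Authorization header value for HTTP Basic credentials."""
    if ":" in username:
        # RFC 7617: the user-id part cannot contain a colon.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def classify(status):
    """Map an HTTP status code to an access outcome."""
    if 200 <= status < 300:
        return "allowed"
    if status == 401:  # assumption: standard HTTP code for rejected credentials
        return "unauthenticated"
    if status == 403:  # per the article: insufficient Carousel Access Rights
        return "forbidden"
    return f"other:{status}"


def probe(url, username, password, opener=urllib.request.urlopen):
    """Send one GET with Basic credentials and report the outcome."""
    if not url.lower().startswith("https://"):
        # Basic credentials are only base64-encoded, so require TLS.
        raise ValueError("refusing to send Basic credentials without HTTPS")
    req = urllib.request.Request(
        url, headers={"Authorization": basic_auth_header(username, password)})
    try:
        with opener(req, timeout=10) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return classify(err.code)


if __name__ == "__main__":
    # Constructed credentials, offline demo of the two helpers.
    print(basic_auth_header("demo_user", "demo_pass"))
    print(classify(403))
```

Running probe() with a low-privilege account against each endpoint it should not reach, and expecting "forbidden", is a quick way to confirm that a Role carries only the rights you intended.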

Q: How can I compare the Carousel Access Rights in Frontdoor to the ones in Swagger? They're not the same.

A: Frontdoor shows each access right's friendly name while Swagger shows its actual name. Run the following T-SQL query in SQL Server Management Studio to list all access rights and their friendly names:

SELECT TOP 1000 [AccessRightId]
      ,[ApplicationID]
      ,[Name]
      ,[FriendlyName]
  FROM [FrontDoor50].[dbo].[AccessRights]

Q: The Swagger doc says I need a specific permission, but when I call the endpoint it does not accept my request, why?

A: The Swagger doc is maintained by hand, and must be kept up to date by any developer making changes to the code. Please tell someone from the Carousel team so they can correct the Swagger doc!
