Carousel Access Rights in 7.3: what you need to know

Applies To

Carousel 7.3+

Description

Carousel 7.3's API endpoints enforce strict authentication and authorization policies.

The endpoints can be categorized as follows:

  • Allows anonymous: anyone can call this endpoint.
  • Authenticated: a valid Carousel user must be logged in, or the proper credentials must be specified in order for this endpoint to be called successfully.
  • Authenticated and authorized: a valid Carousel user must be logged in, and that user must have the appropriate Carousel Access Rights in order for this endpoint to be called successfully.

This article focuses on the authentication and authorization aspects of the API and uses a Q&A format to give as much information as possible on the subject.

FAQ

Q: How do I know which Carousel Access Rights are required?

A: Open your_servers_host/CarouselAPI/swagger/ui/index in your browser. In the top right corner, where it says api_key, enter your username:password, and press Explore. Select the endpoint you would like to know more about, then select the verb (e.g. GET). The required access rights are specified under the Access Rights section.

Please note that some of the endpoints represent a higher level of granularity/detail than what is exposed in the Carousel user interface, and a typical Carousel user is assigned a Role which comes with many Carousel Access Rights. For example, performing an action such as copying a bulletin may require many different rights. It may not be easy to associate specific actions in the Carousel UI with the individual Carousel API endpoints and their required access rights.

Q: Which authorization mechanism can I use to authorize my API requests?

A: When your browser is logged into Frontdoor, it uses ASP.NET's forms-based authentication. If you are using curl or another script- or code-based tool, you may also send your credentials in Basic authorization format as part of the HTTP header.

Q: What happens if I make a request for which I do not have sufficient access rights?

A: You will receive a 403-Forbidden error code back from the server.
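The two answers above (Basic credentials in the HTTP header, and 403 for insufficient access rights) combined in a small checker. This is an added example, not code from the Carousel product or its team. The function names, the HTTPS requirement and the refusal to follow redirects are choices made here, and only the 403 meaning comes from this article; the 401 and redirect meanings are assumptions based on standard HTTP behaviour.

```python
import base64
import urllib.error
import urllib.request

def basic_auth_header(username, password):
    """Authorization header value for HTTP Basic: base64("user:password")."""
    if ":" in username:
        raise ValueError("a Basic auth username cannot contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report redirects instead of following them with credentials attached."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def classify(status):
    # Only the 403 meaning is stated by the article; 401 and 3xx are
    # assumptions based on standard HTTP behaviour.
    if 200 <= status < 300:
        return "allowed"
    if status == 403:
        return "forbidden: user lacks a required access right"
    if status == 401:
        return "not authenticated: credentials missing or rejected"
    if 300 <= status < 400:
        return "redirected: not followed"
    return f"other: HTTP {status}"

def check_access(base_url, path, username, password, method="GET",
                 opener=None, timeout=10):
    """Send one request with Basic credentials and classify the response."""
    if not base_url.lower().startswith("https://"):
        # Basic credentials are only base64-encoded, not encrypted.
        raise ValueError("refusing to send Basic credentials without HTTPS")
    req = urllib.request.Request(
        base_url.rstrip("/") + "/" + path.lstrip("/"), method=method,
        headers={"Authorization": basic_auth_header(username, password)})
    # 'opener' is injectable so the check can be exercised without a server.
    opener = opener or urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code  # 4xx/5xx responses arrive as exceptions in urllib
    return status, classify(status)
```

Call check_access with your server's API base URL and an endpoint path taken from its Swagger page; running it for a service account across the endpoints it uses shows whether its Role grants the rights it needs and nothing returns 403 unexpectedly.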

Q: How can I compare the Carousel Access Rights in Frontdoor to the ones in Swagger? They're not the same.

A: Frontdoor shows each access right's friendly name while Swagger shows its actual name. Run the following T-SQL query in SQL Server Management Studio to list all access rights and their friendly names:

SELECT TOP 1000 [AccessRightId]
      ,[ApplicationID]
      ,[Name]
      ,[FriendlyName]
  FROM [FrontDoor50].[dbo].[AccessRights]

Q: The Swagger doc says I need a specific permission, but when I call the endpoint it does not accept my request, why?

A: The Swagger doc is maintained by hand, and must be kept up to date by any developer making changes to the code. Please tell someone from the Carousel team so they can correct the Swagger doc!
