How to secure embeded camunda rest api

how i can secure embeded camunda rest api in a springboot app, as it apis can be accessed by anyone who get the url, how i can prevent this

You just need to update the authorization settings in the application.yml by default the security is turned off, so you just need to turn it back on.

how i can turn it on ?

Sorry, i meant to post this link with my last comment

1 Like

you meant this
enabled: true ?

I do indeed!
be sure the get the format correct though

    enabled: true
1 Like

i change the yml file but no changes ,
still i get access to end points like this

@khalid.nouh You need to create a filter registration bean and provide an authentication provider like below:


that’s woks thanks @aravindhrs
one question more
if i want to send user and password throw rest api how it should be?
could you give me the correct url with params
on this way

@khalid.nouh You should pass the Basic Auth details in the Http request header.

Sample Postman request:

Curl command:

curl --location --request GET 'http://localhost:8080/engine-rest/engine'  --header 'Authorization: Basic ZGVtbzpkZW1v'

okay but if i want to call it form external rest , will send them as parameters how this

curl --location --request GET 'http://localhost:8080/engine-rest/engine'  --header 'Authorization: Basic ZGVtbzpkZW1v'

Java - OkHttp:

OkHttpClient client = new OkHttpClient().newBuilder()
Request request = new Request.Builder()
  .method("GET", null)
  .addHeader("Authorization", "Basic ZGVtbzpkZW1v")
Response response = client.newCall(request).execute();

Should be part of the request header.

1 Like

okay thanks @aravindhrs too much

What to do Incase I have to pass headers along with that ?