Hi,
At the engine side we have few external service tasks, the engine is secured.
I want to subscribe to those external tasks
I am creating the client like this →
camunda.bpm.client:
base-url: http://localhost:8080/engine-rest
Along with this I need to pass header
Can anyone suggest how can I pass that.
Hello @vaishaliarora ,
welcome to the forum. For Basic Auth, it is done like this (I assume you use the spring boot starter external task client):
camunda.bpm:
client:
base-url: http://localhost:8080/engine-rest # The URL pointing to the Camunda Platform Runtime REST API
basic-auth: # Configure if REST API is secured with basic authentication
username: demo
password: demo
For more information about the project, please find the source code here:
If your use case cannot be covered with the starter right now, consider using the “normal” external task client:
I hope this helps
Jonathan
Yeah for Basic auth I am using the same.
But I want to pass some header like “Role”,“id” some headers.
do you know how can I set that here?
Hello @vaishaliarora ,
I am not sure what these headers should help you with. The REST API will not be able to do anything with these as long as you do modify it?
What should be purpose of these headers?
Jonathan
These are for authentication at the engine’s end
Authenticating against what? The engine will just need a username and a password.
so I have added few roles there … if the role in the header matches to the role defined in the engine it should be able to execute the BPMN
This sounds like a custom implementation. Usually, you would assign the user to a group and the group to Authorization objects.
Yeah this is a custom implementation.
I am seeing this sort of error at my client end
Caused by: org.apache.http.client.HttpResponseException: status code: 401, reason phrase: {“timestamp”:“2021-07-14T09:52:32.389+0000”,“status”:401,“error”:“Unauthorized”,“message”:“Required header is missing (x-bpm-role).”,“path”:"/engine-rest/external-task/fetchAndLock"}
In this case, I would suggest you use the “normal” external task client. This client can be configured to also use other kinds of headers. You can find a link in my first response.
okay … I will try that out.
Thanks Lukas 
Hi vaishali
I am facing same issue can you guide me please !
Thanks
Yes Sure,
Can you elaborate a bit about your issue
Hi Vaishali
I wanted to add query-param in base url.
Example:
Suppose My Base Url Is “http://localhost:8080/engine-rest/external-task/fetchAndLock”
I want to add query-param in that .
after adding query-param base url will be “http://localhost:8080/engine-rest/external-task/fetchAndLock?apikey=123wer”
how i can achive this
Thanks
Deepak
Hi @jonathan.lukas,
I tried to configure basic auth this way from within a custom REST spring boot app but I am still getting an unauthorized access error. Do you have an idea what could be the reason?
Hi @hassang ,
have you checked already whether your basic auth works client-wise (the Auth header is appended correctly)? If so, debug the server.
I am sorry I cannot give you a more concrete advice, but from what I see in the source code, this configuration is still valid.
Jonathan
Hi @jonathan.lukas,
I forgot to mention that I am using camunda-engine-rest-client-openapi-springboot and as per the implementation, it looks like the only possible configurations are camunda.bpm.client.base-url and camunda.autoDeploy.*
Hello @hassang ,
this is because the project you mention here is a community project by @BerndRuecker and so unrelated to the “official” spring-boot-starter client.
Here is a complete client that mixes both worlds:
Still, your auth credentials will only count for the external task subscriptions.
If you want the whole client easily configurable like you describe, please contribute to this community project. I think @BerndRuecker will like it 
Jonathan