I am actively using Engine-rest application for all rest queries from my application. Can I follow this approach or should I create my own set of REST api’s do what engine-rest provides? How can I secure the engine-rest to be accesses only from my application or admin user?
Hi @adat,
Using the prebuilt engine-rest application is perfectly fine. Custom REST endpoints make sense when you want to restrict or extend the number of exposed endpoints.
You can implement authentication by adding a servlet filter on top. The application ships already with an implementation for HTTP Basic Auth. Here is the docs entry that describes how you can activate that: https://docs.camunda.org/manual/7.8/reference/rest/overview/authentication/
Cheers,
Thorben
1 Like
Thorben
Thank you. I was confused as some of the It guys who were using the Camunda said that I should not be using the REST api approach and use the easy-rest. If it providing all the features why would someone rewrite it
Thanks,
@adat