What types of applications can make RESTful calls to the REST API? What are the differences?
- BarTender Cloud REST API
- Automation subscriptions
When making REST API calls, the application must send a token and be authorized before the API Gateway processes the calls. While both types require a token to pass through the Security Gate, the method of obtaining the token differs.
The two types of applications are:
- Private/Direct Applications - Insomnia, Postman, etc
- Web Applications - custom applications
Private applications, sometimes called direct applications, send an API call directly to the REST API and do not make any extra calls outside of these API calls. Applications like Insomnia and Postman fall into this category.
A direct application uses a token to pass through the Security Gate and make API calls.
The token must be retrieved manually from the Cloud's web interface and can be found under the Cloud API section in your profile settings or Manage Cloud Account:
For direct applications, the security token must be sent with all API calls. In Insomnia, for example, the Auth tab can carry the token. The token is listed as a bearer token (an authorization token given by the message bearer aka from Insomnia). Once you've selected the token option, paste your token in, and it will be carried along with the API message.
Web applications are built in languages such as C# and act as a fully-functioning interface. It allows for user interactions, including logging in to authenticate with the Cloud. These types of applications have extra steps to retrieve a token and ultimately pass through the Security Gate and make API calls. Here's a high-level look at the authorization process.
It looks like so many extra steps, so why choose this over a direct application? The authentication process with the OAuth Identity Provider refreshes the security token on each login and the user never has to deal with tokens directly. Everything is handled by OAuth and the application itself. Then once the application has a valid token, then it can start sending API calls and pass through the Security Gate.
Web applications must be registered on the Cloud itself. This ensures that only authorized applications are allowed to work with the Cloud. Anything unauthorized will be denied access. The registration is located on the Cloud web interface under the Cloud API section in your user profile settings or Manage Cloud Account.
When registering a web application, you'll be asked a number of questions about the application itself. Each field has a short description (save Name and Description, which are pretty obvious) to ensure the right information gets to the right place and the application is properly registered.
All applications will appear on the list under the Web Application Registration section
At launch, there will be several examples of how to write a custom web app and how to spawn the authentication dialog. You can find them and more information in our BarTender Cloud Help here.