107 views

REST API authenticates as "guest" user when no authorization is provided



Issue


When using an inbound REST API call with no authorization provided, records are created as the "guest" user.

The system logs, with the REST debugger enabled, start by showing the following entries:
API_INT-thread-2 SYSTEM DEBUG: #450619 [REST API] RESTAPIProcessor : Started initializing REST Request
API_INT-thread-2 SYSTEM DEBUG: #450619 [REST API] URIHandler : Resolving URI: /now/table/incident
API_INT-thread-2 SYSTEM DEBUG: #450619 [REST API] RESTAPIProcessor : URI Resolving Duration duration_micro_secs=296
API_INT-thread-2 SYSTEM DEBUG: #450619 [REST API] RESTAPIProcessor : Finished initializing REST Request
API_INT-thread-2 SYSTEM HTTP authorization validated user 'guest'

 

Symptoms


When making an inbound REST API web service call to the instance, the user is authenticated as "guest".

  • REST API call with no authorization header.
  • REST API call with an authorization header.
  • "guest" user account is used to process the request.

 

Cause


By default, the system property glide.basicauth.required.api is set to true. When this value is false, all inbound REST API calls are processed as the "guest" user.

 

Resolution


Modify the glide.basicauth.required.api sys_properties record and set the value to true.

  1. In the filter navigator, enter sys_properties.LIST.
  2. Search for name = glide.basicauth.required.api.
  3. Update the value from false to true.
  4. Click Update to save the new value.

Article Information

Last Updated:2018-02-06 18:37:02
Published:2018-02-07