According to the Rest data interface>Authentication docs, which outlines the requests for authenticating with the REST API, while it’s not recommended, „In case you need direct access without authentication, the authentication can be deactivated in the HMI Webserver“.
In my project, under HMI Web Server>Security I set "Enforcement of user levels to „None“.
I am able to obtain a bearer token using the methods outlined in the docs when the „Enforcement of user levels“ is set to „PLCnext user management“.
My question is: Can the REST API be used while not using user and password authorization? If so, what does the request procedure look like instead of obtaining a bearer token as outlined in the aforementioned documentation?
If you try to access variables via the REST API without a bearer token when the „Enforcement of user levels“ is set to „PLCnext user management“, you get an „access denied“ response, e.g.:
{
"apiVersion": "1.10.0.0",
"projectCRC": 1380963374,
"error": {
"code": 401,
"details": [
{
"domain": "authorization",
"reason": "accessDenied"
}
]
}
}
If you send the same REST request when the "Enforcement of user levels" is set to "None", you get a good response - access is not denied, e.g.:
{
"apiVersion": "1.10.0.0",
"projectCRC": 3318793479,
"userAuthenticationRequired": true,
"variables": [
{
"path": "Arp.Plc.Eclr/MainInstance.MyInt",
"value": "1785"
}
]
}