This is an answer to a question on our discord:
Discord Thread

Question

Giantsbane

I have another dev question related to my last. Has anyone got an example of how to programmatically authenticate with a station. My intent is to have an api running within Niagara that can be called from an external application. I’ve been through all the dev docs and am struggling to work it out.

Answer

Trey

The easiest way is to use client certificate authentication:

1. Add ClientCertAuthScheme (it’s in the clientCertAuth palette) to Authentication Schemes under AuthenticationService
2. Set AuthenticationService > SSO Configuration > Auto Attempt Single Sign On to true
3. Create a user, give them the permissions your API will need, and set their AuthenticationSchemeName to ClientCertAuthScheme
4. Create a certificate and add it to your user under the Authenticator property
5. Restart the JettyWebServer under the WebService (it has an action to restart it)
6. Configure your client to send the certificate you created along with requests to the station.

If you want the user to still have the DigestScheme that needs a username and password, then your client will need to use SCRAM (Salted Challenge Response Authentication Mechanism), which is significantly more complicated. There’s a Java code example of a SCRAM client in Doc Developer > Developer Guide > Security > Client Authentication Example