Using Engine Rest application


#1

I am actively using Engine-rest application for all rest queries from my application. Can I follow this approach or should I create my own set of REST api’s do what engine-rest provides? How can I secure the engine-rest to be accesses only from my application or admin user?

@adat


#2

Hi @adat,

Using the prebuilt engine-rest application is perfectly fine. Custom REST endpoints make sense when you want to restrict or extend the number of exposed endpoints.

You can implement authentication by adding a servlet filter on top. The application ships already with an implementation for HTTP Basic Auth. Here is the docs entry that describes how you can activate that: https://docs.camunda.org/manual/7.8/reference/rest/overview/authentication/

Cheers,
Thorben


#3

Thorben

Thank you. I was confused as some of the It guys who were using the Camunda said that I should not be using the REST api approach and use the easy-rest. If it providing all the features why would someone rewrite it

Thanks,
@adat