Problem solved.
We have misunderstood the purpose of the ‘allowed hosts’ screen. The purpose is to define which client (IP address or FQDN) is authorized to make a call to WebAPI. If the client is not listed, then the server will return a 401.
IMHO: using a white list of IP addresses for security is pretty weak, as spoofing an IP address is fairly simple to do. However, the current implementation uses a combination of both Address and API_Key, so assuming you are using SSL and manage your keys, you should be good.
@ka2 I would be happy to create a draft English manual for web api if you would like.