Developer's Guide to Token-Based Authentication with Empress

Introduction

In this guide, we will focus on one of Empress’s key features: Token-Based Authentication. This is a security technique in which a user attempting to access the server presents a security token with each request; the server validates the token and only then processes the request. Understanding this feature is imperative for any developer who wants their application to operate securely and efficiently.

Introduction to Token-Based Authentication

Traditionally, applications have confirmed user identity through session cookies, which reference session IDs stored on the server. This approach requires either session storage on each individual server or a separate shared session storage layer, and every request incurs a session lookup, increasing the load on your server.

Token-Based Authentication is a modern, efficient solution to this problem. Instead of a session ID that must be looked up in server-side storage, each request carries a token that the server validates directly, significantly reducing server load and streamlining user authentication. This feature is available from Empress v11.0.3 onwards.

Advantages of Token-Based Authentication

Token-Based Authentication empowers developers with full CRUD (Create, Read, Update, Delete) operations using tokens. Once generated, these tokens authorize individual requests made by users to your application. This robust feature allows authentication for both RPC (Remote Procedure Call) and REST API (Representational State Transfer Application Programming Interface), enhancing the flexibility and security of your application.

Generating a Token

A token is a combination of an API Key and an API Secret. The API Key identifies the user, while the API Secret validates the request. You can generate these components in the following ways:

  • RPC: /api/method/frappe.core.doctype.user.user?user="user_name"
  • Command: bench execute frappe.core.doctype.user.user --args "['user_name']"
  • Web: User -> Api Access -> Generate Keys

Please refer to Guides / Integrations / Rest Api / Token Based Authentication to understand how to use the token in an API request.

Important Notes

  1. An API Key cannot be re-generated once it has been created.
  2. Only users with the System Manager role can generate keys.

These constraints are in place to ensure the secure and efficient operation of Token-Based Authentication.
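The following is an added example, not Empress's or Frappe's own code, that models the token mechanics described under "Generating a Token" and the two constraints listed under "Important Notes": a key-generation step that creates the API Key only once and rotates only the API Secret, a permission check limited to the System Manager role, the client-side header a request would carry, and the server-side validation that resolves the user from the key and checks the secret in constant time. It assumes Empress follows Frappe's `Authorization: token <api_key>:<api_secret>` header format; the in-memory `UserStore`, the hashed storage of the secret, and the user names are constructed for this example and are not Empress's own schema.

```python
"""Token-based authentication model: key generation, client header, server check.

Added example, not Empress/Frappe code. Assumes the Frappe-style header
``Authorization: token <api_key>:<api_secret>``. The in-memory store and the
hashed-secret storage are assumptions for this example, not Empress's schema.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SYSTEM_MANAGER = "System Manager"


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    api_key: Optional[str] = None
    api_secret_hash: Optional[str] = None  # assumption: store a hash, never the raw secret


@dataclass
class UserStore:
    users: dict = field(default_factory=dict)

    def by_api_key(self, api_key):
        # The API Key only identifies the user; the secret is checked separately.
        for user in self.users.values():
            if user.api_key == api_key:
                return user
        return None


def _hash_secret(secret):
    return hashlib.sha256(secret.encode()).hexdigest()


def generate_keys(store, actor, target_name):
    """Create (once) an API Key and (always) a fresh API Secret for target_name.

    Returns the plaintext secret so it can be shown to the user exactly once.
    """
    if SYSTEM_MANAGER not in actor.roles:
        raise PermissionError("only System Managers can generate keys")
    user = store.users[target_name]
    if user.api_key is None:            # key is created once and never regenerated
        user.api_key = secrets.token_hex(8)
    secret = secrets.token_urlsafe(24)  # a new secret replaces the old one
    user.api_secret_hash = _hash_secret(secret)
    return user.api_key, secret


def build_auth_header(api_key, api_secret):
    """Header a client attaches to each request (Frappe-style format, assumed)."""
    return {"Authorization": f"token {api_key}:{api_secret}"}


def authenticate(store, headers):
    """Resolve the request's user name from its Authorization header, or None."""
    value = headers.get("Authorization", "")
    scheme, _, credential = value.partition(" ")
    if scheme.lower() != "token" or not credential:
        return None
    api_key, sep, api_secret = credential.partition(":")
    if not sep or not api_key or not api_secret:
        return None
    user = store.by_api_key(api_key)
    if user is None or user.api_secret_hash is None:
        return None
    # The secret validates the request: compare hashes in constant time.
    if not hmac.compare_digest(user.api_secret_hash, _hash_secret(api_secret)):
        return None
    return user.name


def demo():
    """Run the generate -> request -> validate flow on constructed users."""
    store = UserStore()
    store.users["admin"] = User("admin", {SYSTEM_MANAGER})
    store.users["alice"] = User("alice", {"Website User"})
    admin = store.users["admin"]

    key1, secret1 = generate_keys(store, admin, "alice")
    key2, secret2 = generate_keys(store, admin, "alice")  # rotates the secret only
    results = {
        "key_stable": key1 == key2,
        "old_secret_rejected": authenticate(store, build_auth_header(key1, secret1)) is None,
        "new_secret_accepted": authenticate(store, build_auth_header(key2, secret2)) == "alice",
        "malformed_rejected": authenticate(store, {"Authorization": "token " + key2}) is None,
    }
    try:
        generate_keys(store, store.users["alice"], "alice")
        results["non_manager_blocked"] = False
    except PermissionError:
        results["non_manager_blocked"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Running the module shows every check in `demo()` evaluating to `True`: the API Key survives a second generation while the old secret stops working, a request missing the secret is rejected before any lookup, and a non-manager cannot generate keys. Storing only a hash of the secret and comparing with `hmac.compare_digest` are design choices of this example; what matters for the page's model is that the key selects the user and the secret, never the key alone, authorizes the request.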

Conclusion

Token-Based Authentication is an invaluable feature in Empress, essential for developers to secure and optimize their applications. This guide has covered the key functionalities and advantages of this feature, enabling developers to effectively integrate and utilize it in their software development and customization. By leveraging Token-Based Authentication, developers can significantly enhance the security and performance of their applications, contributing to the development of robust and efficient business solutions.