Authorizing Client Web Application APIs

The C# Client Library lets Client Web Applications configure a list of accepted keys through environment variables on the server(s) hosting an ASP.NET Core web app, so that keys can be changed without any downtime. Any environment variable on the host server(s) that starts with "ExtensionToken" is treated as a valid API key by the ExtensionAuthorize attribute. Learn more about changing keys by reading Managing API Keys.

📘

Authorization is done automatically for some methods

If you are using the generic AddHook or AddMerchant extension methods in Startup.cs to create a Process Hook or Merchant, then authentication is automatically added to the controllers generated at runtime.

👍

Using the Client Extension?

These environment variables can be set on the host servers in the Deployment Options modal. Learn more by reading Deploying A Build Version.


ExtensionAuthorize Attribute


Use the [ExtensionAuthorize] attribute from the DirectScale.Disco.Extension.Middleware namespace to add authorization to controllers in Client Web Applications.

📘

How It Works

For API Requests:

  • This attribute checks the Authorization header of incoming requests for a Bearer Token that matches a valid API Key as described above.

For Pages:

  • This attribute checks the query string for the "pageToken" value and calls the Extension ValidateToken API to authenticate the token.

See an example of how to use the [ExtensionAuthorize] attribute in the code snippet below.

using DirectScale.Disco.Extension.Middleware;
using Microsoft.AspNetCore.Mvc;
using System;

namespace ACMEClientExtension.Controllers.Example
{
    // [ExtensionAuthorize] at class level applies the check to every action in this controller.
    [ExtensionAuthorize]
    [Route("api/example")]
    [ApiController]
    public class ExampleController : ControllerBase
    {
        // POST api/example/testEndpoint
        [HttpPost("testEndpoint")]
        public ActionResult TestEndpoint()
        {
            return Ok("Hello World!");
        }
    }
}
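
The API-request check described under How It Works, sketched as an added illustration; this is not the library's own code. ApiKeyCheckSketch, its method names, and the sample variable names and key values are hypothetical, and it assumes the variable's name carries the "ExtensionToken" prefix while its value holds the key.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not part of DirectScale.Disco.Extension.Middleware.
public static class ApiKeyCheckSketch
{
    private const string Prefix = "ExtensionToken"; // prefix named in the text above
    // Collects the value of every environment variable whose name starts with the prefix.
    // Assumption: the value is the key. Pass Environment.GetEnvironmentVariables() on a real host.
    public static List<byte[]> LoadAcceptedKeys(IDictionary environment)
    {
        var keys = new List<byte[]>();
        foreach (DictionaryEntry entry in environment)
        {
            var name = (string)entry.Key;
            var value = entry.Value as string;
            if (name.StartsWith(Prefix, StringComparison.Ordinal) && !string.IsNullOrWhiteSpace(value))
                keys.Add(Encoding.UTF8.GetBytes(value));
        }
        return keys;
    }
    // True when the Authorization header carries a Bearer token equal to any accepted key.
    public static bool IsAuthorized(string authorizationHeader, List<byte[]> acceptedKeys)
    {
        if (!AuthenticationHeaderValue.TryParse(authorizationHeader, out var header)
            || !string.Equals(header.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrEmpty(header.Parameter))
            return false;
        var presented = Encoding.UTF8.GetBytes(header.Parameter);
        var match = false;
        foreach (var key in acceptedKeys) // compare against every key, no early exit
            match |= CryptographicOperations.FixedTimeEquals(presented, key);
        return match;
    }

    public static void Main()
    {
        // Constructed sample values: two keys configured side by side during a rotation.
        var env = new Hashtable { ["ExtensionToken_Old"] = "sample-key-A", ["ExtensionToken_New"] = "sample-key-B", ["PATH"] = "/usr/bin" };
        var keys = LoadAcceptedKeys(env);
        Console.WriteLine(IsAuthorized("Bearer sample-key-B", keys)); // caller already on the new key
        Console.WriteLine(IsAuthorized("Bearer sample-key-A", keys)); // caller still on the old key
        Console.WriteLine(IsAuthorized("Bearer /usr/bin", keys));     // value of a variable without the prefix
    }
}
```

Keeping the old and new variables set side by side until every caller has switched is what makes a rotation possible without downtime; removing the old variable afterwards retires that key.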