OAS Configuration API

Authentication

The Open Automation Software platform uses Security Groups and Users to manage authentication and authorization. You can create a user with a username and password to act like an API key and then assign a custom security group to this user to limit access to the API to a restricted set of operations.

To learn more about security groups and users see the Getting Started – Security guide in the Knowledge Base.

Tips

The OAS Configuration API does not currently support creating security groups and users using the API. To configure these you will need to use the Configure OAS application.

Overview

The OAS platform includes two security groups by default: Default and Admin.

The Default security group is a fall-back security group for unauthenticated API calls. If you do not use the LogIn method to provide a username and password before calling an API method, then the OAS engine will use the permissions of the Default security group to make the request.

Warning

If you give the Default security group any permissions or leave the Enable All Features checkbox enabled then anyone will be able to make API calls and make changes to the OAS platform.

The Admin security group is assigned to the user that is created when using the AdminCreate utility to set the initial OAS platform admin account password. This security group has all permissions enabled by default.

You can create additional security groups using the Configure OAS application and then create users and assign the security groups to users.

To use a particular user account, the OAS Configuration API provides a LogIn and LogOff method for authentication. These credentials will be used for all API calls.

LogIn

Use the LogIn method to set the username and password that is used when making API requests.

When using the LogIn method, the username and password is not validated immediately. If an invalid username or password is used an error result will be returned on the next API call.

Example:

oasConfig.LogIn("api_username", "api_key");

LogIn with Validation

Use the LogInWithValidation method to set the username and password that is used when making API requests.

public bool LogInWithValidation(string UserName, string Password, string NetworkNode, string RemoteSCADAHostingName, ref string ErrorString)

Example:

var error = string.Empty;
var authResult = oasConfig.LogInWithValidation("api_username", "api_key", "localhost", string.Empty, ref error);

if (!authResult)
{
    Console.WriteLine(error);
}

LogOff

Use the LogOff method to clear the user credentials.

public void LogOff()

Example:

oasConfig.LogOff();