Thanks Hans, I will plan to include this change for the exportable services as well.
There is also OFBIZ-11995, where more RESTFul resources can be declared (development is undergoing) and bound to services where I had planned to include declarative authentication. Best Regards, Girish Vasmatkar HotWax Systems On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker <h.bak...@antwebsystems.com> wrote: > Hi Girish, > > how about ecommerce? you want to show the products without logging in, > actually all information on the ecommerce frontend? > > so yes, really required..... > > regards, > > Hans > > > On 9/10/20 12:37 PM, Girish Vasmatkar wrote: > > Every REST endpoint, as it is implemented now, is secured by default. I > had > > not thought of a scenario where internal OFBiz services will need to be > > invoked without authentication (externally) > > > > Yes, the services themselves can be specified to NOT require auth but I > had > > always thought that was applicable within internal execution. I may be > > wrong here, so please correct me. > > > > auth and login-required are not taken into account yet, but can certainly > > be, if some exportable services should be exposed as public APIs. > > > > Best Regards, > > Girish Vasmatkar > > HotWax Systems > > > > > > > > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker <h.bak...@antwebsystems.com> > > wrote: > > > >> Hi, Girish, > >> > >> thanks again for your last reply it defenity helped, however i have > >> another question. > >> > >> I need to access certain services publicly without a token. > >> > >> I have put auth="false" on the service definition and > >> login-required="false" on the simple-method implementation > >> > >> still i get a 401 response. > >> > >> any suggestions? > >> > >> Regards, > >> > >> Hans > >> > >> >