
Your Guide to Using the Data API on FileMaker Cloud

Authenticating to the Data API

FileMaker, Inc. has introduced a new form of authentication called the FileMaker ID. This is an integrated sign-on system intended to provide more consistent and manageable user authentication on FileMaker Cloud. The credentials are basically a valid email address and a password. The new FileMaker Cloud exclusively uses the FileMaker ID to authenticate users.

Figure 1 – Logging into FileMaker Pro with a FileMaker ID

Given this, you would expect that you can just use that same email address and password for authentication with the Data API on FileMaker Cloud. However, this is not the case, at least not in a straightforward fashion. The documentation for the FileMaker Cloud Data API indicates you need to provide an authorization header with a FileMaker ID token:

Figure 2 – The FileMaker Cloud Data API documentation

In Postman, the login request would look like this:

Figure 3 – Postman headers for a Data API login call

Using FileMaker ID for External Authentication

We need something called a FileMaker ID token in order to use the Data API. The online help for FileMaker Cloud explains how to get one. Be prepared: it is a complex multi-step process.

In essence it comes down to making the authentication call directly to Amazon Cognito, which is the underlying mechanism that drives FileMaker ID. The help article includes example JavaScript code to make such an authentication call.

A Standalone Web Service

At Soliant Consulting, we wanted to simplify this process and provide you with the necessary code to make these calls. We decided to create a simple Node.js standalone web service that does all the heavy lifting for you. The web service is open source and available from our GitHub page. Because it is a standalone web service, you can integrate this authentication process into any of your automated workflows that require the use of the FileMaker Cloud Data API.

When testing, you can use the Node.js web service without having to host it anywhere. Download the project from GitHub and open it in the free VS Code editor. In the Terminal window pane, navigate to the bin folder (“cd bin”) and type in “./www” to launch the web service. It will start listening on port 3000 by default.

Figure 4 – Starting the web service in VS Code

Then you can use Postman to make a call: a POST call to the DNS name or IP address of the web service, the right port (which is 3000 in our VS Code example) and the /users endpoint. The body is a simple JSON construct with the FileMaker ID username and password that you want to use to log into the Data API.

Figure 5 – Response of a call to the web service

Tokens

The response includes three tokens: an accessToken, an idToken, and a refreshToken.

According to the Amazon AWS documentation these tokens represent:

  • The ID Token contains claims about the identity of the authenticated user such as name and email.
  • The Access Token grants access to authorized resources.
  • The Refresh Token contains the information necessary to obtain a new ID or access token.

You can disregard the access token as it serves no purpose for logging into the Data API.

Next, copy the idToken and paste it into the Postman Authorization header, making sure to prefix it with “Fmid ” (note the space). When you make the call to the Data API “sessions” endpoint to log into the Data API, you will receive a token that you can use for any subsequent calls to the Data API.

Figure 6 – Response of a Data API login call

A couple of things to note:

1. With four different tokens involved here, things can get a little confusing. Let’s break down which tokens are involved where:

  • On one hand, we have the FileMaker ID access token, ID token, and refresh token; on the other hand, we have the Data API login token. You need the FileMaker ID token (idToken) to log into the Data API, but you need the Data API token for any other call to the Data API.
  • Your Data API token stays valid for 15 minutes after your most recent Data API call. If you do not make a call to the Data API within 15 minutes of your last call, the Data API token expires.
  • At that point, you can re-use the idToken from the Soliant web service and call the Data API login again to get a new Data API token, but that will work only if that FileMaker ID idToken is less than an hour old. The FileMaker ID idToken expires one hour after it was generated.
  • You can, of course, just use the web service again to get a new idToken. However, you could also use the refresh token you received in the original call. Refresh tokens are valid for 3 years.
  • To use that refresh token, call the Soliant web service again, but use the /users/refresh endpoint. The JSON body to send it includes the username and the refresh token.

Figure 7 – Postman call to the web service using the refresh token

  • The response returns a new idToken to use in a Data API login call that will give you a new Data API token.

2. All of this applies only when you are using FileMaker Cloud. It is not relevant if:

  • you are hosting your files on FileMaker Cloud for AWS or with a 3rd party hosting provider.
  • you have your FileMaker Server installed locally or as a cloud instance in your own AWS, Google Cloud, or Azure account.
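
The token lifecycle from note 1, as an added Node.js example (not code from the Soliant web service or from FileMaker): given what a client currently holds, it picks the cheapest step that is still valid and builds the matching request. The JSON field names `username`, `password` and `refreshToken`, the `cfg` URLs, the empty login body and the assumption that the idToken is a Cognito-issued JWT with an `exp` claim are not taken from the article.

```javascript
// Lifetime stated in the article: the Data API token lapses 15 min after the last call.
const DATA_API_IDLE_MS = 15 * 60 * 1000;

// Read the exp claim (seconds since epoch) from a JWT payload without verifying it.
// Used for scheduling only; the server remains the authority on token validity.
function idTokenExpiryMs(idToken) {
  const payload = idToken.split('.')[1];
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  return claims.exp * 1000;
}

// state: { dataApiToken, lastDataApiCall, idToken, refreshToken } (times in ms)
function nextStep(state, now, skewMs = 30 * 1000) {
  if (state.dataApiToken && now - state.lastDataApiCall < DATA_API_IDLE_MS - skewMs)
    return 'use-data-api-token';          // still inside the 15-minute idle window
  if (state.idToken && now < idTokenExpiryMs(state.idToken) - skewMs)
    return 'data-api-login';              // idToken younger than its one-hour life
  if (state.refreshToken) return 'refresh-id-token';
  return 'full-login';                    // nothing usable: username and password again
}

// Build the request for a token-obtaining step. cfg values and JSON field
// names are assumptions; only /users, /users/refresh and "Fmid " are from the article.
function buildRequest(step, state, cfg) {
  const json = { 'Content-Type': 'application/json' };
  switch (step) {
    case 'full-login':
      return { method: 'POST', url: `${cfg.authService}/users`, headers: json,
               body: JSON.stringify({ username: cfg.username, password: cfg.password }) };
    case 'refresh-id-token':
      return { method: 'POST', url: `${cfg.authService}/users/refresh`, headers: json,
               body: JSON.stringify({ username: cfg.username, refreshToken: state.refreshToken }) };
    case 'data-api-login':                // empty JSON body is an assumption
      return { method: 'POST', url: cfg.sessionsUrl,
               headers: { ...json, Authorization: `Fmid ${state.idToken}` }, body: '{}' };
    default:
      return null;                        // no token request needed
  }
}

// Constructed, unsigned sample token so the example runs offline.
function sampleIdToken(expSeconds) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${b64({ alg: 'none' })}.${b64({ email: 'user@example.com', exp: expSeconds })}.sig`;
}
```

Because the refresh token outlives every other credential in this flow, keep it in the same secret store as the password and send both only to a web service endpoint you reach over TLS or on localhost.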

Resources

You can leave any suggestions and comments here on this blog post or on GitHub, and as always you can also find us on community.filemaker.com.

On this site we promote, share and showcase material from Soliant Consulting, one of the BEST consulting companies in FileMaker.
