This is an old revision of the document!

Secure

The Secure option is used to restrict access to only SSL/TLS (or https) traffic.

It's common to protect all API endpoints - particularly those that authorise access - with the requirement that they are secure.

Set the value to '1' to enable the rule.

Example

{
   "paths": {
      "/api/": "sslrequired"
   },
   {
       "sslrequired": { 
            "type": "open",
            "secure": 1
        }
   }

In the example above, all URLs inside the 'api' folder are openly available, but must be accessed via SSL. Reading with a normal http request will result in an 'Access Denied' message.

Advanced Example

{
   "paths": {
      "/api/": "sslrequired"
   },
   {
       "sslrequired": [[{ 
            "type": "open",
            "secure": 1
        }],[{
            "type": "open",
            "demote": "reader"
        }]]
   }

This version allows you to call API functions via normal HTTP protocol, but it will not allow you to write data - the insecure user will automatically be demoted to a 'reader' and not be able to edit, delete or rename ARDI assets.

Alternate Methods

Note that you can also simply disable access to ARDI on port 80 to force all connections to be secure.

ARDI Admin Guide

SYSTEM

DATABASES/SITES

USERS

ADMINISTRATION

ASSET BASICS

PROPERTIES

RELATIONSHIPS

SPECIAL RELATIONSHIPS

ASSET DETAILS

ENVIRONMENTS & 3D TOPICS

ASSETS & 3D

IMPORT/EXPORT

FEATURES

REPORTS

HOWTOS

ADVANCED

—-

Other Documentation