Securing the CData API Server

An API Server is a lightweight Web application that produces an OData feed for 80+ data sources. The API Server often stores, modifies, and accesses sensitive information that should remain securely controlled. This document outlines some of the provisions that an API Server supplies to secure connections between end-users and the host environment.

Enable SSL

SSL encrypts communications channels of data between a client and server. SSL mitigates eavesdropping and tampering. Through the use of digital certificates, SSL offers facilities for verifying the confidentiality and authenticity of data.

To enable SSL on your server, follow the instructions for your host environment.

Note: You will also need to ensure that your firewall is configured to allow connections to the port where the API Server accepts SSL connections.

Enable SSL in the Stand-alone Server

The Windows edition of the API Server is hosted by default in a stand-alone server or in IIS. Follow the steps below to secure connections to the API Server with the stand-alone server.

  1. Open the API Server Server Options dialog: Right-click the API Server icon in the Windows system tray and click Server Options.

  2. Select the Enable SSL checkbox and then click the button next to the SSL Server Certificate field to select a certificate.

  3. In the dialog listing the certificates in your system store, select the certificate.

    You also have the option to create your own self-signed certificate with the Create Certificate button at the bottom.

You are now running CData API Server over HTTPS.

You may want to consider disabling plain-text access in the dialog.

Enable SSL in IIS

The following steps assume you already have a certificate you can use to enable SSL on your server.

  1. In IIS Manager, select your server's node in the Connections pane and then click in the Actions pane.
  2. In the dialog that pops up, click Add and select a server certificate in the drop-down menu.
  3. Select the server node in the Connections pane and double-click the SSL Settings icon in Features view. Enable the Require SSL checkbox.

Enable SSL in Java Web Servers

To enable SSL in the Java edition, you must generate a certificate and modify the server configuration. See the documentation for your Java Web server.

Authenticate Using Authtokens

Authtokens are useful for automating or integrating with other processes. Authtokens are unique identifiers that authenticate authorized users to run services. Authtokens also represent the current permissions for the user.

Authtokens can be provided as the password in Basic authentication, in the "x-cdata-authtoken" header, or in the @authtoken query string parameter. Note that including the authtoken in the query string is not secure unless SSL is enabled.

To manage API users, click Settings -> Users in the API Server administration console.

You will find example requests to services and more information in the API section of the API Server administration console.