Parent Topic: Hosting and Monitoring Published Web Services
You can use Secure Sockets Layer (SSL) encryption, user and group permissions, and API keys to establish secure communication between Web clients and LabVIEW Web services.
Complete the following procedures to establish the different methods of Web services security:
You can require a specific permission for the following types of files:
Complete the following steps to configure a Web service to accept only HTTP requests from Web clients with valid permissions:
A Web client must provide a valid username and password whenever the client submits an HTTP request for a file protected by permissions. The username and password must correspond to a user in the NI Web-based Configuration & Monitoring utility that has been granted the same permission added for the HTTP method VI or public static file.
Use the OpenHandle VI to provide a username and password for HTTP requests made by a Web client built in LabVIEW.
You also can use API keys to restrict which clients can send HTTP requests to HTTP method VIs. An API key is a string of seemingly random characters that consists of two parts, an access ID and a secret ID. The access ID works similarly to a username, and the secret ID works similarly to a password intended only for authorized clients.
You can configure a single API key that applies to all Web services running on any web server, including the Application Web Server, web servers for embedded applications, and the Web service debugging server. You first must configure an access ID and secret ID for the Web Server to generate API keys. Then you must enable API key security for each URL mapping that you want to protect.
To establish an access ID and secret ID on the Application Web Server, launch the NI Web-based Configuration & Monitoring utility and navigate to the Web Server Configuration page. Use the Web Services API Key tab to generate, apply, and reset API keys.
Complete the following steps to enable API key security for an HTTP method VI in a Web service:
When you establish an API key and enable that API key for an HTTP method VI, any HTTP request from a Web client that corresponds to the VI must contain the correct API key. You can use the SetAPIKey VI to configure a Web client built in LabVIEW to provide an API key when making HTTP requests.