Authentication Methods
The Bacula REST-API supports two authentication methods: HTTP Basic authentication and OAuth2 authentication. By default, OAuth2 authentication is enabled.
The recommended form of authentication uses the OAuth2 protocol via a standard “Username and Password” login dialog. After login, the REST-API uses a bconsole.conf configuration file that the REST-API administrator defines specifically for each Username, which makes it possible to grant different privileges to different users.
If you are running a secure site, it is possible to disable the OAuth2 authentication. However, we do not recommend doing so.
Please be aware that by using restricted Bacula consoles, you can allow certain users to access this REST API and only see data concerning their Client or their Jobs, depending on how you configure the restricted console. However, the code in the REST API that interfaces directly to the Bacula catalog database does not have Bacula access control lists. We therefore strongly recommend that you do not let untrusted users use the REST API interface directly, or that you require untrusted users to use cPanel or some other Web GUI where your program handles the catalog security issues. For more information on the use of restricted consoles with the REST-API, see the section Restricted Consoles.
In future versions, we will implement plugins that will allow you to more easily control data access. For more information and several diagrams, please see the Architecture section.