Requests sent to the Qlik Sense Repository Service (QRS) API must be authenticated to a user that has the permissions required to perform the specified operation.
There are a number of mechanisms for authenticating with the QRS API. Each authentication method allows the same set of endpoints to be called. The authentication method you choose depends on your environment and how you plan to use the API.
For examples that show how to connect to the QRS API using these different methods, see Examples.
Authenticating with the server certificate
All services in the Qlik Sense deployment authenticate their communication using an SSL certificate. The same certificate can also be used to authenticate with the QRS API. When you authenticate using this method, you send the requests using the QRS URL.
To authenticate using this method:
- The location where the authentication request originates must have a copy of the client SSL certificate.
- All requests must carry administrator level permissions.
If you plan to access the APIs from a remote server, you must export client certificates from the Qlik Management Console (QMC) and install them on the calling server.
Authenticating with a Windows user account
You can use a Microsoft Windows identity to authenticate requests to the Qlik Sense Repository Service (QRS) API. In this case, you must send requests via the proxy server URL.
When requests are authenticated this way, no certificates are required and the permissions of the Windows user are applied when the connection is made. This method can be used on the Qlik Sense server or to execute code remotely (however, the technology used to make the API call must support Windows authentication).
Authenticating with an HTTP header
You can use a custom HTTP header to authenticate requests. This header contains the user name to be presented to the Qlik Sense Repository Service (QRS) API. In this case, you must send requests via the proxy server URL.
When you use this method to authenticate, requests to the API can be performed on the Qlik Sense server or remotely. You must set up a virtual proxy in the Qlik Management Console to receive the user name via an HTTP header.