Unlike the versions before 2022, when basic authentication was (kind of) enabled by default, now the situation is quite different.
- Basic authentication now "lives" in the context of a trusted application.
- Basic authentication must be explicitly enabled per trusted application.
- Authentication via
/Logout) endpoints (a.k.a. ErpSession) is now treated as basic authentication.
- Domain API access via ErpSession must corresponds to a specific trusted application.
- Trusted applications with system user set as the built-in <SYSTEM> account don't allow basic authentication.
Does this change affect me?
Yes it does if,
- You are using basic authentication, not bound to a specific trusted application.
- Your trusted application is not configured to meet the requirements:
- Allows basic authentication.
- Have a specific system user set.
What to do if this change affects me?
Depending on the particular case, may be necessary:
- To create a trusted application, corresponding to your external one.
- To configure an existing trusted application (e.g. to allow basic authentication).
- If using ErpSession, to specify the exact trusted application uri in the body in your
/LoginPOST request. E.g.,
More information is available in our official documentation: