Security and the SData Gadget and ReadOnly SData provider

1 minute read time.

For an introduction to SData REST based web services then please see the article "Accessing SData Provider"

Another example of how SData is used in Sage CRM's Interactive Dashboard feature can be found here: "An SData Example — the Sage CRM Interactive Dashboard SData Gadget"

You can read about the SData provider in the documentation.

Members of the Developer Program can download the following resources

Recorded Presentations

Security and SData

It is important to note that access to data via the REST based interface is controlled by security profiles and field level security. That has the effect of limiting access to rows within entities and views. A data source for SData can either be an entity or be a view. Field level security will also limit the columns that are returned within the generated XML.

Within external applications the dynamically constructed feed will need to be handled. A programmer can not assume which columns will be returned in the XML or which data source available.

This information can be requested from in the Schema

  • http://[servername]/sdata/[installname]j/sagecrm/-/$schema
  • http://[servername]/sdata/[installname]j/sagecrm/-/company/$schema

Schema requests do not require authentication, so they will show all possible data fields.

To make an actual data request Sage CRM does not advertise supported authentication methods via the usual WWW-Authenticate response header. The programmer needs to perform a pre-emptive authentication.

This javascript code snippet shows how authentication can be carried out.

[code language="javascript"]
XmlHttp = new XMLHttpRequest();
var strURL = "http://[servername]/sdata/[installname]j/sagecrm/-/company?where=comp_companyid in ('43', '45')";
XmlHttp.open('GET',strURL,false);
XmlHttp.setRequestHeader("X-Sage-Authorization", "Basic " + "QWRtaW46");
//XmlHttp.setRequestHeader("Authorization", "Basic " + encodeBase64 ("username:password") );
//encodeBase64 would be a function in a script library.
XmlHttp.send(null);
var strHtml = XmlHttp.responseText;
XmlHttp=null; // always clear the XmlHttp object when you are done to avoid memory leaks
processResult(strHtml);
//processResult is the function that will handle the returned XML
[/code]

Note: encodeBase64() would be a function that encodes the user:password combined string.

Parents Comment Children
No Data