OData and authorization

Hi All,

I’m actually developping a little OData API which will serve as source for our Appsheet apps,
and now I have to implement the authentication part.

When on Appsheet, select data source, OData, you can fill the OData API url and then a logon/password.

If I click “connect” only a GET https://odataurl/$metadata is sent by Appsheet.
I d’like to protect this by redirecting to an authentication URL which will wait for a POST user/password.
But how can I inform Appsheet on which url/ body content to use to get an authentication to my API ?

Is it usable as it ?

If not, I’ve read that Appsheet uses OAuth2, I can implement an OAuth2 authentication.
But in this case, which user token will be used to get a connection to my API, the Appsheet app creator token or the App user one ?

How are intended to be used the user/password fields in the OData connection screen ?

@Phil Any thoughts?

Actually @Harry can help out with this one.

@odata_appsheet I’m afraid that what you want to achieve is not possible at the moment. Currently we only support basic authentication for OData, which is secured by the use of HTTPS (more information about basic authentication here. Because the OData protocol does not cover authentication, different OData APIs can implement different authentication schemes. Since it is not practical for us to support all of these different schemes, we decided to use basic authentication following the recommendations in the OData V4 protocol. However, this is only for the beta phase. Going forward, we will eventually select and implement a more secure and robust authentication scheme, such as OAuth 2 for OData. I can’t give you a concrete timeline for when this will happen, but I am positive that it will be released this year.

Hi Harry,

I’ll then implement the basic authentication in my API.
Thank you very much for the information.