Since version 15, the Password Depot Enterprise Server additionally includes a REST API with access via HTTP protocol. This API can be used to create a web service for users accessing the Enterprise Server with a browser directly.
For demo purposes and as a basis for further customization, we have developed such a service and published it here: https://web.password-depot.de.
All customers who are registered for the Enterprise Server may use this web service and receive its full source code on request.
Note: To use the web service, you must enable the access of Web Clients to the Enterprise Server in the server settings (Manage -> Server settings -> Connections, this access is disabled by default). Additionally, it is also recommended to install an SSL certificate for your specific domain and use the SSL
protocol for server connection. Make sure that the SSL certificate is issued by a recognized CA.
If endusers connect to the web service using a browser, the Enterprise Server’s address and REST port number (by default 8714) are required. All data is exchanged between the Enterprise Server and browser directly.
As usual, the Password Depot Enterprise Server is using a proprietary encrypted TCP based protocol on the default port 25015. This port is also used for communication with Windows, macOS, Android and iOS clients.
Additionally, it creates on the default port 8714 an HTTP server, which corresponds to the RESTful standard (https://searchapparchitecture.techtarget.com/definition/RESTful-API, for example). Please note that the Password Depot Enterprise Server does not produce any HTML pages but sends and receives all data as JSON formatted data packets in open form. Thus, an encrypted SSL connection is important for using the API. To use the API in the browser in a user-friendly mode, an additional layer is required - a web service that generates all necessary HTML, CSS and JavaScripts files. An example of such a web service can be found here: https://web.password-depot.de
The browser connects to the Enterprise Server directly, thus, no sensitive data is sent to or by the web-service itself.
If you plan on maintaining your own web service, you may deploy the source on any machine in your network running an HTTPS web server. Please visit https://github.com/acebit-gmbh/pd-web-frontend/blob/master/README.md to see the list of requirements.
If you plan on maintaining your own web service, you may deploy the source on any machine in your network running an HTTPS web server. Please visit https://github.com/acebit-gmbh/pd-web-frontend/blob/master/README.md to see the list of requirements.
Comments
Sinamia Nistor
Please sign in to leave a comment.