Generic Http Handler

Generic Http Handlers are used to extend the existing Http API functionality in Link like AS2, AS4, REST, SOAP, etc.

The framework is pluginable like a lot of other steps in Link (See code examples for more implementation details).

Use cases for Http Handlers

Some use cases for Http Handlers can be:

• The client requires a specific instant result like some cXml integrations.

• The client need to read some data from Link that is not exposed out-of-the-box.

• Meta data for the payload is exposed in a way that the existing API’s doesn’t understand. Like custom http-headers, url-parameters, etc.

• TODO: Find more/better usecases

Built-in security

When setting up an Http Handler, it’s possible to use the built-in authorization flow in Link. If this option is checked, the request will first be validated against the PAT (Personal Access Token) authentication scheme og the Oauth2 (ResourceOwner) authentication scheme. It’s up to the client which of these authentication schemes that is used.

If built-in security is not chosen, it’s highly recommended to implement custom authentication, so any hacker attacks can be avoided.

Roles and permissions for UI access

The following permissions are introduced:

• “Developer Tools Create HttpHandler” (Developer_Action_HttpHandler_Create)

• “Developer Tools Edit HttpHandler“ (Developer_Action_HttpHandler_Edit)

• “Developer Tools Delete HttpHandler“ (Developer_Action_HttpHandler_Delete)

The are all part of the “Developer” role.

Roles and permissions for API access (when using built-in security)

A new role is introduced: “API Generic Http Handler”
The role contains a single permission: “API Generic Http Handler” (API_GenericHttpHandler)

The role is by default not included in any usergroups.

When using built-in secutiry, the service-account (Link User) must have this permission to gain access to the Http Handler.