diff --git a/docs/self-managed/setup/deploy/local/c8run.md b/docs/self-managed/setup/deploy/local/c8run.md index 3abdf676311..251f01c3c84 100644 --- a/docs/self-managed/setup/deploy/local/c8run.md +++ b/docs/self-managed/setup/deploy/local/c8run.md @@ -116,57 +116,35 @@ Once configured correctly, your Connectors are available for use in Modeler. ### Use Camunda APIs -Camunda 8 Run authenticates with the [Tasklist](/apis-tools/tasklist-api-rest/tasklist-api-rest-overview.md), [Operate](/apis-tools/operate-api/overview.md), and [Zeebe](/apis-tools/zeebe-api/grpc.md) APIs, as well as the unified [Camunda 8 REST API](/apis-tools/camunda-api-rest/camunda-api-rest-overview.md), by including cookie headers in each request. This cookie can be obtained by using the API endpoint `/api/login`. +All served Camunda APIs are by default **unprotected** in Camunda 8 Run, and can be accessed without any authentication credentials or token provided. -To authenticate and begin making requests, take the following steps: +The available APIs are [Tasklist V1](/apis-tools/tasklist-api-rest/tasklist-api-rest-overview.md), [Operate V1](/apis-tools/operate-api/overview.md), [Zeebe gRPC](/apis-tools/zeebe-api/grpc.md) and the unified [Camunda 8 REST API](/apis-tools/camunda-api-rest/camunda-api-rest-overview.md) - +### Enable authentication and authorization - +To work with authorizations, API authentication and authorization enforcement must be enabled. The following minimal `application.yaml` shows the required configuration for the APIs and authorizations: -1. Log in as user 'demo' and store the cookie in the file `cookie.txt`: - -```shell -curl --request POST 'http://localhost:8080/api/login?username=demo&password=demo' \ - --cookie-jar cookie.txt +```yaml +camunda.security: + authentication.unprotected-api: false + authorizations.enabled: true ``` -2. Send the cookie (as a header) in each API request. In this case, request all process definitions: +Place the above `application.yaml` into your root `/c8run` folder, provide it to Camunda 8 Run at startup using the `--config` [flag](#configuration-options): -```shell -curl --request POST 'http://localhost:8080/v1/process-definitions/search' \ - --cookie cookie.txt \ - --header 'Content-Type: application/json' \ - --data-raw '{}' ``` - - - - -:::note -Some endpoints in the [Camunda 8 REST API](/apis-tools/camunda-api-rest/camunda-api-rest-overview.md) are considered [alpha features](/components/early-access/alpha/alpha-features.md), and are still in development. -::: - -1. Log in as user 'demo' and store the cookie in the file `cookie.txt`: - -```shell -curl --request POST 'http://localhost:8080/api/login?username=demo&password=demo' \ - --cookie-jar cookie.txt +./start.sh --config application.yaml ``` -2. Send the cookie (as a header) in each API request. In this case, the topology of your Zeebe cluster: +You are then required to provide basic authentication credentials on API requests, as in the following: ```shell -curl --cookie cookie.txt localhost:8080/v2/topology +curl --request POST 'http://localhost:8080/v1/process-definitions/search' \ + -u demo:demo \ + --header 'Content-Type: application/json' \ + --data-raw '{}' ``` - - - ## Shut down Camunda 8 Run To shut down Camunda 8 Run and end all running processes, run `./shutdown.sh` (or `.\c8run.exe stop` on Windows) from the C8Run directory.