I’m revisiting this thread to find a solution for adding JWT authentication to my API_ACTION. Referring to this post, I have added the JwtMiddleware to my code below:
https://discourse.hkvstore.com/t/custom-rest-api-action-with-security/3261/8
```php
$app->get('/getSalesTransaction/{trxid}', function ($request, $response, $args) {
    // Sanitize the route parameter
    $trxid = RemoveXSS(Stripslashes($args["trxid"])) ?? null;
    // Build the lookup query; AdjustSql() escapes the value placed in the SQL string
    $sql = "
        SELECT [TRXID], [PNRNO], [SALES_STATUS]
        FROM SALESTRANSACTION
        WHERE TRXID='" . AdjustSql($trxid) . "'
    ";
    if ($trxid !== null) {
        // Return the matching row as JSON
        $response = $response->withJson(ExecuteRow($sql));
    }
    return $response;
})->add(new JwtMiddleware());
```
It still allows me to access the API without logging in. I debugged to show CurrentUserLevel() and it is always -2. Is there anything else I missed?