REST User Authentication

The PAS REST service has built in user authentication that can be enabled to prevent users from calling specific methods such as GET, PUT, POST, & DELETE. Once user authentication has been enabled all calls to the server will need to be authenticated by passing through the user name and password within the REST call.

Note: When user authentication is enabled the HTML PDF Viewer/Notes will prompt with a dialog for the REST authentication credentials before the document is served. If the document also has an "Open Password" the user will be prompted twice, first for the REST server and then again for the document password.

Setting up REST User Authentication

To enable user authentication follow the steps below.

  1. Stop the PAS service
  2. Navigate to the installation directory and locate the "rest-users.xml" and open it in any xml/text editor
  3. Replace the sample users with the users for your server. Create each user on a separate line using the following format: <user username="user" password="password" roles="roles" /> replacing "user" with the user name, "password" with the password for the user, and "roles" with REST call methods that the user has permission to separated by commas (i.e. GET, POST, PUT). See the example at the bottom of this page.
  4. Start the PAS service

IMPORTANT: In order to enable the user authentication the service must be stopped and started. Modifying the "rest-users.xml" while the service is running will not load the user authentication changes as the user authentication is only loaded into the service at startup.

Example REST users

Below is an example showing how sample users added to the "rest-users.xml" file.


<user username="john" password="password" roles="GET" />

<user username="jane.doe" password="12345678" roles="GET, POST, PUT" />

<user username="admin" password="admin" roles="GET, POST, PUT, DELETE" />



Qoppa Software's PDF Automation Server for Windows, Linux, Unix, and macOS

Automate PDF Document Workflows through RESTful Web Services & Folder Watching

Copyright © 2002-Present Qoppa Software. All rights reserved.