Is there any way ,we authenticate the xdmp:http-put function inside the schedule task without using authentication options?

Question

Is there any way ,we will get the authentication of schedule task to authenticate the xdmp:http-put function inside the schedule task.
For example := Schedule task run a xqyfile in every minutes ,and that file contains a http:put method to call a rest service.

let $url  := 
fn:concat('http://',xdmp:hostname($host),':',$PORT,'/v1/resources/example')   
        return
                xdmp:http-put($url,
                    <options xmlns="xdmp:http"> 
                        <data>{
                           xdmp:quote($data)
                       }</data> 
                 </options> 

where $port is the rest service port ,$host is the host in cluster Is this possible to get the autentication from schedule task and pass it, to xdmp:http-put method.This is require ,because password is environment dependent,we will not know the password.

Answer 1

If you want to be able to invoke an endpoint without authentication, you could configure an appserver with Application Level authentication and set a default user. There are obvious security considerations, so you might have a specific appserver setup for this purpose and configure minimal roles and permissions for that default user.

Another option would be to use Secure Credentials to store the authentication information securely in the Security database.

<credential-id> The credential id to use for authentication. This is the preferred way of providing authentication credentials because they are stored securely in the security database. When a credential id is specified, the other authentication information fields should be left empty and will be ignored. For details on obtaining a credential id, see the Usage Notes, below.

import module namespace sec = "http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy";
xdmp:invoke-function(function() {
  sec:create-credential("my-secure-credential", "a secure credential", 
     "myUsername", "myPassword", 
     (), (), fn:false(), 
     sec:uri-credential-target(".*/v1/resources/example.*", "digest"), 
     xdmp:permission("rest-writer", "execute")
   )
 },
 <options xmlns="xdmp:eval">
   <database>{xdmp:database("Security")}</database>
 </options>
)

Then leverage those credentials in the options of the xdmp:http-put.

let $url  := fn:concat('http://',xdmp:hostname($host),':',$PORT,'/v1/resources/example')   
return
  xdmp:http-put($url,
                <options xmlns="xdmp:http"> 
                  <data>{xdmp:quote($data)}</data>
                  <credential-id>{xdmp:credential-id("my-secure-credential")}</credential-id> 
                </options>) 

That way, you can update the credentials on each system and avoid hard-coding authentication information in the code.

If the endpoint that you are trying to invoke is a MarkLogic REST endpoint, then rather than invoking via HTTP, you could have your scheduled task module import the REST module and invoke it's get or post method:

import module namespace m = "http://marklogic.com/rest-api/resource/example" 
  at "/marklogic.rest.resource/example/assets/resource.xqy";
let $context := map:map()
let $params := map:map()
let $input := ()
return m:post($context,$params, $input)