API, FileMaker, FileMaker Cloud, FileMaker Data API, PHP

FileMaker Cloud v2 DAPI authentication with PHP

The FileMaker Data API uses a relatively simple authentication pattern when using a self hosted server. Post valid credentials to the server, receive a token, use that as a bearer token for subsequent requests.

With FileMaker Cloud 2 however, the process is made somewhat more complex through the use of Cognito, the AWS credentials management system.

In his excellent blog post Using the Data API on FileMaker Cloud Wim Decorte of Soliant Consulting had this to say:

We need something called a FileMaker ID token in order to use the Data API. The online help for FileMaker Cloud explains how to get one. Be prepared: it is a complex multi-step process.

Let’s just say that this is a masterful case of understatement. It’s a complex, multi-step, opaque, and scantily documented process! In that blog post Wim provides a ‘proof of concept’ Node.js app which takes care of the most difficult aspect of the process – generating the FileMaker ID token. If you’re using Node.js as your backend, or can, then this gets you a long way to solving the problem.

If like some 75% plus of the web you’re using PHP that’s probably not overly helpful and there’s more than one frustrated post on the Claris Community expressing displeasure at this situation.

The biggest challenge is that there’s no documentation about what’s happening outside of that link above which provides scant details and like Wim’s post, assumes you want to do this in JavaScript.

We have a new client who is using FileMaker Cloud 2 exclusively, so we needed to solve this problem so that we could extend our Doctrine FileMaker Driver to allow us to build our usual Symfony apps, while using FileMaker Cloud as the backend in the same way as we can with on-premise FileMaker Server.

After several hours of reverse engineering Wim’s proof of concept to discover details, like which auth flow is used (for reference USER_SRP_AUTH), and then taking a deep dive into exactly what Secure Remote Password protocol (SRP) is (for reference incredibly complex) we’ve released a PHP library which takes all the pain away for you.

FileMaker cloud authentication

Installation is done using Composer, the PHP package manager.

composer require matatirosoln/fm-cloud-authentication

From there you create a Credentials object, which you pass to the fetchToken method.

$credentials = new \MSDev\FMCloudAuthenticator\Credentials(
    'your-fm-cloud-server',
    'your-fmrest-user',
    'your-fmrest-password',
    \MSDev\FMCloudAuthenticator\Credentials::DAPI,
    'your-database'
);

$authenticator = new \MSDev\FMCloudAuthenticator\Authenticate();
$token = $authenticator->fetchToken($credentials);

All going well, at this point $token contains a FileMaker Data API token which you can use in the Authorization: Bearer header for subsequent calls to the FileMaker DAPI API.

We’ve yet to put this library into production, but we’re so excited to have got it operational that we couldn’t wait to share this with you.

Please let us know if you run into issues or if you have suggestions for improvement or extension.

3 Comments
  • Hi Steve,

    Thanks for much for sharing this. You’ve saved many hours of frustration for anyone working on integrations with the Data API and FileMaker Cloud using PHP. I’m having an issue getting up and running – hopefully it’s something simple. I’ve created an issue on the Github page with the details.

    cheers,
    Andrew

    January 31, 2022 at 4:17 am
  • Chris Pink says:

    Not finding the package with the composer package name above, if fact from Github;

    composer require matatirosoln/fm-cloud-authentication

    July 19, 2022 at 10:25 am
    • My bad – thanks for pointing this out. Page now updated 🙂

      July 19, 2022 at 10:29 am

Leave A Comment

*
*