The FileMaker Data API uses a relatively simple authentication pattern when using a self hosted server. Post valid credentials to the server, receive a token, use that as a bearer token for subsequent requests.
With FileMaker Cloud 2 however, the process is made somewhat more complex through the use of Cognito, the AWS credentials management system.
In his excellent blog post Using the Data API on FileMaker Cloud Wim Decorte of Soliant Consulting had this to say:
We need something called a FileMaker ID token in order to use the Data API. The online help for FileMaker Cloud explains how to get one. Be prepared: it is a complex multi-step process.
Let’s just say that this is a masterful case of understatement. It’s a complex, multi-step, opaque, and scantily documented process! In that blog post Wim provides a ‘proof of concept’ Node.js app which takes care of the most difficult aspect of the process – generating the FileMaker ID token. If you’re using Node.js as your backend, or can, then this gets you a long way to solving the problem.
If like some 75% plus of the web you’re using PHP that’s probably not overly helpful and there’s more than one frustrated post on the Claris Community expressing displeasure at this situation.
We have a new client who is using FileMaker Cloud 2 exclusively, so we needed to solve this problem so that we could extend our Doctrine FileMaker Driver to allow us to build our usual Symfony apps, while using FileMaker Cloud as the backend in the same way as we can with on-premise FileMaker Server.
After several hours of reverse engineering Wim’s proof of concept to discover details, like which auth flow is used (for reference
USER_SRP_AUTH), and then taking a deep dive into exactly what Secure Remote Password protocol (SRP) is (for reference incredibly complex) we’ve released a PHP library which takes all the pain away for you.
FileMaker cloud authentication
Installation is done using Composer, the PHP package manager.
composer require matatirosolutions/fm-cloud-authentication
From there you create a
Credentials object, which you pass to the
$credentials = new \MSDev\FMCloudAuthenticator\Credentials( 'your-fm-cloud-server', 'your-fmrest-user', 'your-fmrest-password', \MSDev\FMCloudAuthenticator\Credentials::DAPI, 'your-database' ); $authenticator = new \MSDev\FMCloudAuthenticator\Authenticate(); $token = $authenticator->fetchToken($credentials);
All going well, at this point
$token contains a FileMaker Data API token which you can use in the
Authorization: Bearer header for subsequent calls to the FileMaker DAPI API.
We’ve yet to put this library into production, but we’re so excited to have got it operational that we couldn’t wait to share this with you.
Please let us know if you run into issues or if you have suggestions for improvement or extension.