Hi Marcel
Had a bit of a play with this and the biggest problem seems to be that when calling a server action from another server the result doesn’t seem to be returned to the calling routine
I can call a server action directly in a browser by typing its full path i.e.
https://mydomain.com/dmxConnect/api/myaction.php
and the full json is returned
However when i tried the same call inside App connect ii am not getting anything returned
Perhaps server connect prevents cross domain access? That’s something the developers will have to answer
The access token part is fairly straight forward if you can get this cross domain call working
Firstly on the Apache server create a server action, i shall call get_token
This action will generate a random string, anything will do, i will use “timestamp” from the server data picker
In server connect => core actions, select set variable and I will call it token
set it’s contents to {{timestamp}}
Check output!
Secondly we need an encryption salt which will be used on both servers
say Set value salt =‘mysecretsalt’
do not check output!
Lastly compute an encrypted string from those parameters, say called check. I shall use sha256
so
set check = token.sha256(‘salt’)
Check output!
You can secure the whole action with a security provider if you want, probably best to do that
So in your calling app page create a server connection to this action

This action will return the two values token and check

so when calling the action from the other server, send these parameters with your query
So for example
select myfield from mytable where id=$_GET.id
we would send the id parameter AND the additional token and check values

Lastly at the IIS end your server action would recompute the token via the same salt and compare with the check value.
If they match the source is valid
So use core actions=>Conditions
And compare $_GET.token.sha256(‘mysecretsalt’) === $_GET.check and generate an error if they do not match via Core Actions => Response
Should work with POST or GET