Managing modalities using the REST-API and KeyCloak

Hello,

Amazing product first off, extremely grateful for the releases and updates so far. I have Orthanc (version 1.12.9) with the authorization-plugin (version 0.10.1) and KeyCloak (version 26.2.5) set up and working wonderfully so thank you very much OrthancTeam!

On modalities; I am aware these can be added to the config, but I would want to use the REST-API to view, add, update and delete modalities dynamically. I had a custom python plugin that sends API requests to the REST-API to do this, but on upgrading to use the authorization plugin and KeyCloak, I get a 403 when I send PUT/DELETE requests to the REST-API.

To remedy this, I have given all permissions to my admin user in the permissions.json file, and generated an api-key for the user on KeyCloak as a user attribute. I was now able to do REST-API requests against study, series and instance resources, including PUT/POST, but for modalities I can only do GET requests; PUT/DELETE requests still get a 403 error.

Now my query; is the api-key attribute supposed to be used for the modality resource or is this limited to study/series/instance/patient resources? If it is not meant for managing modalities, what may I use instead?

Here is a snippet of my config file for reference: Orthanc_Json_File — Codefile
And the curl response:

Hi @kenmunyao

Actually, I think the problem is that there are no default permissions defined for the PUT and DELETE requests on the /modalities route.

You should probably just add something like:

        "ExtraPermissions" : [
            ["put", "^/modalities/(.*)$", "admin-permissions"],
            ["delete", "^/modalities/(.*)$", "admin-permissions"]
        ]

Please tell me if that works and I’ll add them in the defaults for the next release.

HTH,

Alain

Hello @alainmazy,

Yes this works! Terrific!

Adding this config to the default config is a splendid idea.

Thank you very much :smiley:

Done in this commit.


@alainmazy I also noticed that while GET requests on /modalities work, APIs like /modalities/{id}/configuration don’t with the api-key unless extra permissions for GET are explicitly added.

You may consider adding in the default config as below:

        // add-delete modalities through the Rest API
        ["get", "^/modalities/(.*)$", "admin-permissions"],
        ["put", "^/modalities/(.*)$", "admin-permissions"],
        ["delete", "^/modalities/(.*)$", "admin-permissions"]

I have updated the default permissions to grant access to GET /modalities/../configuration to all users that are allowed to query or send to a modality: orthanc-authorization: 0b0222d3a7f9

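The permission entries discussed in this thread, checked offline against a few requests to see which method and route pairs they cover and for whom; this is an added example, not part of the original posts or the plugin's code. The deny-when-nothing-matches model, the modality id `pacs1` and the `view` permission name are assumptions made for illustration.

```python
import re

# Entries quoted in the thread: [method, route regex, required permission]
EXTRA_PERMISSIONS = [
    ["get", "^/modalities/(.*)$", "admin-permissions"],
    ["put", "^/modalities/(.*)$", "admin-permissions"],
    ["delete", "^/modalities/(.*)$", "admin-permissions"],
]

# Constructed sample requests; "pacs1" is a hypothetical modality id.
SAMPLE_REQUESTS = [
    ("PUT", "/modalities/pacs1"),
    ("DELETE", "/modalities/pacs1"),
    ("GET", "/modalities/pacs1/configuration"),
    ("GET", "/modalities"),               # no trailing slash: regex does not match
    ("POST", "/modalities/pacs1/store"),  # method not listed in the entries
]

def matching_entries(method, route, entries):
    """Entries whose method and route regex both match the request."""
    return [e for e in entries
            if e[0].lower() == method.lower() and re.search(e[1], route)]

def is_allowed(method, route, user_permissions, entries):
    """Assumed model: allow only if a matching entry names a permission the
    user holds; a request that no entry matches is denied (HTTP 403)."""
    return any(e[2] in user_permissions
               for e in matching_entries(method, route, entries))

def audit(user_permissions, entries=EXTRA_PERMISSIONS, requests=SAMPLE_REQUESTS):
    """Map each sample request to 'allow', 'deny' or 'unmatched'."""
    report = {}
    for method, route in requests:
        if not matching_entries(method, route, entries):
            report[(method, route)] = "unmatched"
        elif is_allowed(method, route, user_permissions, entries):
            report[(method, route)] = "allow"
        else:
            report[(method, route)] = "deny"
    return report

if __name__ == "__main__":
    for user, perms in [("admin", {"admin-permissions"}), ("viewer", {"view"})]:
        for (method, route), verdict in audit(perms).items():
            print(f"{user:6} {method:6} {route:34} {verdict}")
```

Rows reported as unmatched are the ones to compare against the plugin's default permissions: GET on /modalities is reported as working in the thread, so it is covered elsewhere, not by these entries.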