Proxies and authentication

The Kepler framework uses a proxy to handle client requests. It exposes a factory class that you can use to create the a client proxy by passing URIs to the required services and credentials. The following sections outline this process and available authentication methods.

This page contains the following information:

ServiceFactory class

Use the ServiceFactory class to create proxies for Kepler services or Relativity services (RSAPI). The T CreateProxy<T>() method is used to create the proxy, which takes and returns the following:

  • Generic type T - the service contract, which is the interface defining the service.
  • Proxy - a .NET object that implements the contract returned by the method.

Use the following parameters to construct a ServiceFactory object, which is available through the ServiceFactorySettings class:

  • RSAPI base URI - used to construct the full URI to RSAPI services. It uses the following format:
    <scheme>://<machine name>/<kCura Service Host Manager PID>/Relativity.Services

    Additionally, you use this URI to exchange the credentials for an authentication token for Kepler services or RSAPI.

  • REST base URI - used to construct the full URI to Kepler services. It uses the following format:
    <scheme>://<machine name>/Relativity.Rest/api
  • Credentials - see Authentication for Kepler services.

The following code sample illustrates how to create a proxy. For sample usage, see Client .NET proxy.

Uri relativityRestUri = new Uri(@"http://localhost/");
Credentials credentials = new UsernamePasswordCredentials("username", "password");

ServiceFactorySettings settings = new ServiceFactorySettings(relativityRestUri, credentials);

ServiceFactory factory = new ServiceFactory(settings);

// Create a proxy for a Kepler service
IExampleService proxy = factory.CreateProxy<IExampleService>();

bool serviceOkay = await proxy.PingAsync();

Client .NET proxy

Use the client .NET proxy to interact with a Kepler service as a set of .NET objects. This proxy is created using the ServiceFactory class. The proxy type is the same as the Kepler service interface, and each member method becomes a service endpoint.

When you call a member method, the proxy makes a corresponding HTTP request to the respective service endpoint, using the appropriate URL, HTTP headers, and verbs. The response from the endpoint has the return type of the proxy method that was called.

// ServiceFactory used to create a proxy object. (Omitting constructor parameters for simplicity.)
var factory = new ServiceFactory(...);

// Create client-side service proxy.
var proxy = factory.CreateProxy<IExampleService>();

// Use the proxy to exercise a Kepler service as .NET object.
bool serviceOK = await proxy.PingAsync();

// Use the service responses
if (serviceOK) {
    Console.WriteLine("Service is okay.");

Authentication for Kepler services

The Kepler framework uses methods that take credentials for basic and OAuth2 authentication. It also supports cookie authentication through the browser. See the following sections for more information:


The Kepler framework supports the following credential types:

  • UserNamePasswordCredentials() method - takes credentials used for basic authentication. For more information, see Basic authentication.
    // Pass in the username and password to this method.
    Credentials credentials = new UsernamePasswordCredentials(username, password);
  • BearerTokenCredentials() method - takes credentials used for OAuth2 authentication. For more information, see Bearer token authentication and Client Credentials on the Oauth website.
    Uri tokenEndpoint = new Uri("");
    // Using the IdentityModel library [ ]
    var client = new TokenClient(
    var response = await client.RequestClientCredentialsAsync("scope");
    var token = response.AccessToken;
    Credentials credentials = new BearerTokenCredentials(token)

Cookie authentication

When a user logs into Relativity, the RelAuth cookie is issued to the browser. This encrypted cookie contains the information that validates the user. This cookie can be passed to the Relativity’s REST APIs instead of an HTTP authorization header. If the encrypted cookie is valid, the call will be authenticated under the credentials of the user who logged in via the web. For more information, see Cookie authentication.

Note: Cookie authentication only apples to browser-based calls, such as those made through JavaScript, to Kepler services.

<script type = "text/javascript" >
    $(document).ready(function() {
                url: "http://localhost/Relativity.REST/Relativity/User",
                type: "GET",
                contentType: "application/json"
            .done(function(data) {
                var userCount = data.ResultCount;
                var retVal = "userCount: " + userCount;
            .fail(function(xhr, status, error) {
                alert("Status: " + status);
                alert("Error: " + error);
                alert("ResponseText: " + xhr.responseText);
            .always(function() {

Community Updates

Aero Developer FAQ Evolving the Platform Most recent release notes
Learn more Learn more Learn more

Additional Resources

Access Third-Party Tools with GitHub     Create .NET Apps Faster with NuGet
Visit github     visit nuget