OutSystems allows you to customize the authentication logic to be used in your exposed REST APIs.
For that, do the following:
In the Logic tab, open the Integrations folder.
Select the exposed REST API you want to change and set its "Authentication" property to
Custom. As a result, OutSystems creates the "OnAuthentication" action in your REST API, which will be executed for every incoming request of this REST API, before the called method's action flow.
In the "OnAuthentication" action, design the logic to authenticate the client. If you need to access data received in the URL, header or body of the HTTP request, you can use the GetFormValue, GetRequestHeader or GetRequestContent actions of the HTTPRequestHandler extension.