Difference between revisions of "Basic authentication"

From Barion Documentation
(Created page with "{{PageTitle|title=Basic Authentication}} A client that wants to authenticate itself with the server can do so by including an Authorization request header field with the cred...")
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
A client that wants to authenticate itself with the server can do so by including an Authorization request header field with the credentials. In the case of a "Basic" authentication, the exchange must happen over an HTTPS (TLS) connection. Username and password are passed over the network as a base64 encoded string with a ":" separated. The following is a correct example of the Authorization header:<br/>
 
A client that wants to authenticate itself with the server can do so by including an Authorization request header field with the credentials. In the case of a "Basic" authentication, the exchange must happen over an HTTPS (TLS) connection. Username and password are passed over the network as a base64 encoded string with a ":" separated. The following is a correct example of the Authorization header:<br/>
 
<code>Authorization: Basix YWxhZGRpbjpvcGVuc2VzYW1l</code>
 
<code>Authorization: Basix YWxhZGRpbjpvcGVuc2VzYW1l</code>
 +
<br/><br/>
 +
If the "Authorization" header is present, username and password will be fetched form the header, the ones passed in the querystring will be ignored. Should the authentication be unsuccessful (either username and/or password could not be decoded from the header, or the authentication type is not basic) HTTP 401 (Unathorized) will be the response. Invalid username/password yields a HTTP 400 (Bad Request) response. If the "Authorization" header is not present, credentials will retrieved from the querystring.
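Review bot: the example header in the unchanged context still reads "Authorization: Basix YWxhZGRpbjpvcGVuc2VzYW1l", and under the rule this revision adds ("the authentication type is not basic" gives HTTP 401) a client copying that line would be rejected. The scheme should be corrected to "Basic" in the same edit. The added paragraph also has three typos worth fixing while here: "fetched form the header", "Unathorized" and "will retrieved". It would also help to state which querystring parameter names are read when the header is absent, since the paragraph relies on them without naming them.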

Revision as of 12:44, 3 December 2019

Basic Authentication

A client that wants to authenticate itself with the server can do so by including an Authorization request header field with the credentials. For "Basic" authentication, the exchange must happen over an HTTPS (TLS) connection. The username and password are joined with a ":" separator and passed over the network as a base64-encoded string. The following is a correct example of the Authorization header:
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

If the "Authorization" header is present, the username and password are taken from the header, and any passed in the querystring are ignored. If authentication is unsuccessful (the username and/or password could not be decoded from the header, or the authentication type is not Basic), the response is HTTP 401 (Unauthorized). An invalid username/password yields an HTTP 400 (Bad Request) response. If the "Authorization" header is not present, credentials will be retrieved from the querystring.
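The header format and the response rules described above can be sketched as follows. This is an added example, not Barion's code: the `USERS` store, the querystring parameter names `username` and `password`, and the 200 status on success are assumptions made for illustration.

```python
import base64
import binascii
import hmac

# Constructed sample credential store (assumption; a real service would
# compare against salted password hashes, not plaintext).
USERS = {"aladdin": "opensesame"}

def build_basic_header(username, password):
    """Client side: base64("username:password") after the 'Basic' scheme."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic_header(value):
    """Return (username, password), or None if the header is not usable."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":           # wrong authentication type
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None                         # not valid base64 / not text
    # Split on the first ':' only, so a password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def authenticate(headers, query):
    """Map a request to the status codes described on this page."""
    if "Authorization" in headers:
        creds = parse_basic_header(headers["Authorization"])
        if creds is None:
            return 401                      # undecodable or not Basic
    else:
        # Fallback described on the page; parameter names are assumed.
        creds = (query.get("username", ""), query.get("password", ""))
    username, password = creds
    expected = USERS.get(username)
    # Constant-time comparison avoids leaking how much of the password matched.
    ok = expected is not None and hmac.compare_digest(
        password.encode("utf-8"), expected.encode("utf-8"))
    return 200 if ok else 400               # page: invalid credentials -> 400
```

Because the header takes precedence, a request carrying both a bad header and good querystring credentials is still rejected.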