Authentication

The system controls access to its service through HTTP basic authentication. The technique is defined in section 11.1 of RFC1945, which is simple to implement, and uses standard HTTP headers.

The HTTP Basic Access Authentication requires authorization credentials in the form of a user name and password before granting access to resources in the system. The username and password are passed as Base64 encoded text in the header of API requests.

The HTTP header format for authentication is defined in the table below.

Field Name

Description

Value

Authorization

Basic authentication is supported.

Basic [Base64 encoded credentials]

Example:

The Base64 encoded credentials for user name of joe and a password of bloggs.

For example, from a command line (note the removal of the new line in the echo command):

$ echo -n "joe:bloggs" | base64
am9lOmJsb2dncw==

the header will be:

Authorization: Basic  am9lOmJsb2dncw==

For example, using curl:

curl -k -H "Authorization: Basic am9lOmJsb2dncw=="
  'https://hostname/api/data/MyModel/'

It is required that all requests be conducted over a secure session, such as HTTPS or SSL.

A VOSS Automate self-signed certificate needs to be installed into a local trust store of the client application.