Basic Auth

From DreamFactory
Jump to: navigation, search

DreamFactory supports Basic HTTP Authentication both via Authorization request header and URL. At a minimum, you should use HTTPS to protect credentials when using the request header, and should altogether avoid inserting credentials into URLs.

API Endpoints

Using Authorization request header

{METHOD} https://{url}/api/v2/{service}/{resource}

Request Header:

 Accept:application/json
 Accept-Encoding:gzip, deflate, sdch
 Accept-Language:en-US,en;q=0.8
 Authorization:Basic {base64_encode(username + : + password)}    <-- Basic Authentication
 Connection:keep-alive
 Content-Type:application/json
 ....

Using URL

{METHOD} https://username:password@{url}/api/v2/{service}/{resource}

Note: Basic Authentication over URL will not work for user agents that support request header (most web browsers)

Example - Basic Authentication via Authorization request header using JQuery Ajax call

var username = $('#username').val();
var password = $('#password').val();
var url = 'https://foo.com/api/v2/db/_table'
 
$.ajax({ 
    url: url,
    async: true,
    type:'GET',
    dataType: 'json',
    contentType: 'application/json',
    beforeSend: function(xhr) {
        xhr.setRequestHeader("Authorization", "Basic "+btoa(username+':'+password));
    },
    success: function(json){
        ...
    },
    error: function(err) {
        ...
    }
});

Example - Basic Authentication via URL using CURL

curl https://jdoe%40dreamfactory.com:[email protected]/api/v2/db/_table

Note: %40 = url_encode(@)