OAuth2 Authentication Guide for Data as a Service

GET with Credentials Encoded in the Header

Instead of including your credentials in the URL, you can include them in an HTTP header. This is more secure than including them in the URL. The header must be in this format, replacing the bracketed text with encoded credentials:
Authorization: Basic [base64 encoded credentials]
To encode credentials, you base64 encode the user name / password combination or the user name / license key combination separated by a colon:
username:password
or
username:licensekey
For example, using the same user name and password from the previous section, the string to encode would be:
user@example.com:auth123
Similarly, using the same user name and license key from the previous section, the string to encode would be:
user@example.com:6BC4029C9A94FBC5581F
This string may be base64 encoded programmatically or by using a free resource such as www.base64encode.org. Once encoded, the resulting string will look something like this: dXNlckBleGFtcGxlLmNvbTphdXRoMTIz
A complete HTTP header would then appear like this, with the key of Authorization and a value indicating basic authentication with your encoded credentials:
Authorization: Basic dXNlckBleGFtcGxlLmNvbTphdXRoMTIz
With this header defined, initiate an HTTP GET operation to the token service. Note that the URL must still contain the query string parameter grant_type=client_credentials for a GET operation like this:
The complete HTTP request would look something like this:
GET /oauth2/v2/token?grant_type=client_credentials HTTP/1.1
Host: oauth2.strikeiron.com
Authorization: Basic dXNlckBleGFtcGxlLmNvbTphdXRoMTIz
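The encoding and request described above, as an added Python example that is not part of the original guide: it builds the header value locally, so the credentials never pass through a third-party encoding site, and decodes it again to show that base64 is reversible and protects the credentials only when the request travels over TLS. The function names and the colon and CR/LF checks are assumptions of this example; the host, path and sample credentials are the ones shown on this page.

```python
import base64


def basic_auth_value(username: str, secret: str) -> str:
    """Return the Authorization header value for username:secret."""
    # The first colon separates the two fields, so the user name cannot hold one.
    if ":" in username:
        raise ValueError("user name must not contain ':'")
    if not username or not secret:
        raise ValueError("user name and password/license key are required")
    raw = f"{username}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_auth_value(value: str) -> tuple[str, str]:
    """Reverse the encoding, as anyone who sees the header can."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization value")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    username, sep, secret = decoded.partition(":")
    if not sep:
        raise ValueError("decoded credentials lack the ':' separator")
    return username, secret


def build_token_request(host: str, auth_value: str) -> str:
    """Assemble the GET request text in the form shown on the page."""
    # Reject CR/LF so no field can smuggle in an extra header line.
    for field in (host, auth_value):
        if "\r" in field or "\n" in field:
            raise ValueError("CR/LF not allowed in header fields")
    return (
        "GET /oauth2/v2/token?grant_type=client_credentials HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Authorization: {auth_value}\r\n"
        "\r\n"
    )


if __name__ == "__main__":
    # Sample credentials are the documentation values from this page.
    value = basic_auth_value("user@example.com", "auth123")
    print(build_token_request("oauth2.strikeiron.com", value))
    print(decode_basic_auth_value(value))
```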
