5.1. Basic Access Authentication (RFC 2617)
5.1.1. Overview
System Actors
Client | The party sending the HTTP request, i.e. the API Client |
Server | The party receiving the HTTP request, i.e. the endpoint, either MGW’s or the User’s system |
5.1.2. The HTTP “Authorization” header is implemented for the following core reasons:
5.1.2.1. Prove the identity of the client / user-agent
5.1.3. When required by the server, all requests are verified against the values set in the Authorization header. The server MUST either allow or deny requests based on the validity of the submitted header value.
5.1.4. The authorization mechanism DOES NOT address confidentiality of the HTTP request. The HTTP Requests, however, MAY be sent via a secure transport (i.e. HTTPS) to achieve confidentiality.
5.1.5. The header value is formatted as: AuthType Credential
5.1.5.1. Where:
5.1.5.1.1. AuthType MUST be set to “Basic”.
5.1.5.1.2. Credential MUST be set as the encoded credential.
5.1.5.1.2.1. The ClientIdentity and Password must be combined into a string, then encoded using the RFC 2045 (MIME) variant of Base64, except that the output is not limited to 76 characters per line.
5.1.5.1.3. The ClientIdentity and Password will be provisioned and assigned to you by your Account Manager.
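The following is an added example, not part of this specification or of MGW's own code: it builds the header value described in 5.1.5 on the client side and performs the allow/deny check of 5.1.3 on the server side. The function names and sample credentials are hypothetical, and the colon separator between ClientIdentity and Password is taken from RFC 2617, since this section does not state it.

```python
import base64
import binascii
import hmac


def build_authorization(client_identity: str, password: str) -> str:
    """Client side: return the header value 'Basic <credential>'."""
    # Assumption from RFC 2617: the two parts are joined by a single colon,
    # so the identity itself cannot contain one.
    if ":" in client_identity:
        raise ValueError("ClientIdentity must not contain ':'")
    raw = f"{client_identity}:{password}".encode("utf-8")
    # b64encode emits one unbroken line. base64.encodebytes would insert a
    # newline every 76 characters, which 5.1.5.1.2.1 rules out and which
    # would also corrupt the HTTP header.
    return "Basic " + base64.b64encode(raw).decode("ascii")


def verify_authorization(header_value, expected_identity: str,
                         expected_password: str) -> bool:
    """Server side: True to allow the request, False to deny it."""
    if not header_value:
        return False
    auth_type, _, credential = header_value.partition(" ")
    if auth_type != "Basic":  # 5.1.5.1.1: AuthType MUST be "Basic"
        return False
    try:
        # validate=True rejects characters outside the Base64 alphabet
        # instead of silently discarding them.
        raw = base64.b64decode(credential.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False
    identity, sep, password = raw.partition(b":")
    if not sep:
        return False
    # Constant-time comparisons; both are evaluated before combining so the
    # response time does not reveal which of the two values was wrong.
    id_ok = hmac.compare_digest(identity, expected_identity.encode("utf-8"))
    pw_ok = hmac.compare_digest(password, expected_password.encode("utf-8"))
    return id_ok and pw_ok


if __name__ == "__main__":
    # Constructed sample credentials, not real provisioned values.
    header = build_authorization("client-001", "example-password")
    print("Authorization:", header)
    print("allowed:", verify_authorization(header, "client-001", "example-password"))
```

Because Base64 is an encoding and not encryption, the header value is recoverable by anyone who can read the request, which is why 5.1.4 points to HTTPS for confidentiality.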