Basic Authentication

If your application is not going to be published or used by other users than you or the people in your organisation then you can use a simpler way of authentication.

Instead of using the application key and the secret key, you can use your regular username and password. Any API calls using this authentication method will run in the context of the user making the call, and therefore inherit all the roles of that user.

🚧

Heads up!

Applications using this authentication method cannot be published in the App market as they would require your users to provide their username and password to the application developer.

In order to use the internal authentication your user must be granted API access. You can do this by accessing the user details from the users list, clicking on the “Status” tab and enabling the option “API Access". You must also enable the option to make this user an unrestricted administrator or assign one or more roles to it.

Creating the authentication token

This authentication method doesn't need a calculated authentication token. Simply add a valid HTTP authentication header using your email and password

httpClient.DefaultRequestHeaders.Authorization = 
 new AuthenticationHeaderValue(
   "Basic", 
     Convert.ToBase64String(
      ASCII.GetBytes(string.Format("{0}:{1}", username, password))));
$header = "Authorization: Basic " . base64_encode($username . ':' . $password);
base64string = base64.encodestring('%s:%s' % (username, password)).replace('\n', '')
header = ("Authorization: Basic %s" % base64string)
$header = 'Authorization: Basic ' + Base64.encode64( username + ':' + password ).chomp
$.ajax
({
   type: "GET",
   url: "https://www.example.com",
   dataType: 'json',
   headers: {
    "Authorization", btoa(username + ":" + password)
   },
   data: '{}',
   success: function () {
 }
});
var username = 'Test';
var password = '123';
var auth = 'Basic ' + new Buffer(username + ':' + password).toString('base64');

var header = {'Host': 'www.example.com', 'Authorization': auth};
var request = client.request('GET', '/', header);