Basic Authentication Policy
The Basic Authentication Policy provides a simple and effective way to secure your API by requiring clients to supply a valid username and password with each request. This method of authentication is widely supported and easy to implement, making it ideal for scenarios where straightforward access control is needed.
Key Features
- Credential Verification: Clients must include valid credentials in the Authorization header to access the API.
- Base64 Encoding: The username and password are combined into a single string, then Base64 encoded, and sent as part of the request header.
- Access Control: Requests with missing or invalid credentials are denied, ensuring that only authorized users can interact with the API.
How It Works
- Client Request:
  - The client includes an Authorization header in the request, formatted as follows: Authorization: Basic <base64-encoded-credentials>
  - The <base64-encoded-credentials> is the result of encoding the string username:password.
- Policy Validation:
  - The API intercepts the request and decodes the credentials.
  - The decoded username and password are then validated against the configured credentials.
- Access Decision:
  - Valid Credentials: The request is allowed to proceed to the backend or mock service.
  - Invalid or Missing Credentials: The request is rejected with an appropriate error message.
Example Usage
When Basic Authentication is enabled, a typical request header might look like this:
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
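The validation flow described above (header parsing, Base64 decoding, credential check, access decision), as an added example and not the policy's own implementation. The configured username and password are constructed sample values standing in for the policy properties; the sample header is the one shown above and decodes to username:password.

```python
import base64
import binascii
import hmac
from typing import Optional, Tuple

# Constructed sample values: a real policy reads these from its properties.
CONFIGURED_USERNAME = "username"
CONFIGURED_PASSWORD = "password"

# Sent with every rejection so the client knows which scheme to retry with.
CHALLENGE_HEADER = {"WWW-Authenticate": 'Basic realm="api"'}


def parse_basic_credentials(header_value: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (username, password) from an Authorization header, or None if the
    header is missing, uses another scheme, or is not valid Base64 of user:pass."""
    if not header_value:
        return None
    scheme, _, encoded = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        # validate=True rejects characters outside the Base64 alphabet instead of
        # silently skipping them.
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # The user-id may not contain a colon, so split at the first colon only;
    # everything after it (including further colons) is the password.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def check_basic_auth(header_value: Optional[str]):
    """Access decision: (status, message, extra response headers)."""
    creds = parse_basic_credentials(header_value)
    if creds is None:
        return 401, "Missing or malformed Authorization header", CHALLENGE_HEADER
    username, password = creds
    # Compare both fields with constant-time comparison, and compute both
    # results before combining them, so a mismatch cannot be timed.
    user_ok = hmac.compare_digest(username.encode("utf-8"), CONFIGURED_USERNAME.encode("utf-8"))
    pass_ok = hmac.compare_digest(password.encode("utf-8"), CONFIGURED_PASSWORD.encode("utf-8"))
    if user_ok and pass_ok:
        return 200, "OK", {}
    return 401, "Invalid credentials", CHALLENGE_HEADER


if __name__ == "__main__":
    print(check_basic_auth("Basic dXNlcm5hbWU6cGFzc3dvcmQ="))  # valid: 200
    print(check_basic_auth("Basic dXNlcm5hbWU6d3Jvbmc="))      # username:wrong -> 401
    print(check_basic_auth(None))                                # missing header -> 401
```

Base64 is an encoding, not encryption, so the decoded credentials are available to anything that can read the request; the check above only decides access and relies on the transport to keep the header confidential. Missing and invalid credentials deliberately get the same status code and challenge header so the response does not reveal which part of the check failed.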
Steps
- Add the Basic Authentication Policy
- Provide a Username and Password in the properties
- Deploy and test