To be authorized to perform an action through the REST API, a client must first be authenticated. This is straightforward: our REST API uses HTTP Basic authentication.
If you send any REST API request without an identification header, you will receive an error response (401 Unauthorized) that carries a specific response header.
HTTP/1.1 401 Unauthorized
Set-Cookie: ECLYPSERESTSESSIONID=1jqtspqfcpqh1yn8rm0hv8ddg;Path=/
WWW-Authenticate: basic realm="Radius"
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 1437
Server: Jetty(7.x.y-SNAPSHOT)
Above is a typical response header you can receive. In the WWW-Authenticate header, the server indicates that the required method is Basic, followed by the protection domain (the realm).
To be authenticated, the HTTP client needs to retry the request with an "Authorization" header. This header must contain the method name followed by the Base64 representation of the username and password separated by the ":" character.
For example, to authenticate the user "Paul" with the password "Hochon", the client sends:
//Base64(Paul:Hochon) = "UGF1bDpIb2Nob24="
Authorization: Basic UGF1bDpIb2Nob24=
With this header in the HTTP client request, your request will go through the authentication process.
Now, after your first request with the "Authorization" header, you will receive a cookie in the response:
Set-Cookie: ECLYPSERESTSESSIONID=1ihtgt27axib71plskbk2nhp4i;Path=/
You need to add this cookie to the headers of each subsequent request, without the "Authorization" header.
Every time you send the "Authorization" header, you will receive a new cookie to use.
Be careful, though! To be fully secure, use only the HTTPS protocol: Base64 is an encoding, not encryption, so over plain HTTP anyone who can observe the traffic can read the username, the password and the session cookie.
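The flow described above, sketched as client-side state handling in Python. This is an added example, not code from the product: the RestSession class, its method names and the URL https://controller.example/api/rest are hypothetical. Ignoring a cookie that arrives with a 401 is an assumption drawn from the sequence on this page.

```python
import base64
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SESSION_COOKIE = "ECLYPSERESTSESSIONID"  # cookie name shown in the responses above


def basic_authorization(username, password):
    """Authorization header value: 'Basic ' + Base64(username:password)."""
    if ":" in username:
        raise ValueError("username must not contain ':' (the separator)")
    # Encode the exact bytes: a stray newline would become part of the password.
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


class RestSession:
    """Hypothetical client-side state for the login flow described above."""

    def __init__(self, base_url, username, password):
        if urlsplit(base_url).scheme != "https":
            raise ValueError("refusing to send credentials over plain HTTP")
        self.base_url = base_url
        self._authorization = basic_authorization(username, password)
        self.cookie = None

    def request_headers(self):
        """Headers for the next request: the cookie if held, else credentials."""
        if self.cookie is not None:
            return {"Cookie": f"{SESSION_COOKIE}={self.cookie}"}
        return {"Authorization": self._authorization}

    def handle_response(self, status, set_cookie=None):
        """Update state from a response status and its Set-Cookie value."""
        if status == 401:
            # Assumption: a cookie set alongside a 401 is not an authenticated
            # session, so drop it and send the Authorization header again.
            self.cookie = None
            return
        morsel = SimpleCookie(set_cookie or "").get(SESSION_COOKIE)
        if morsel is not None:
            self.cookie = morsel.value


if __name__ == "__main__":
    s = RestSession("https://controller.example/api/rest", "Paul", "Hochon")
    print(s.request_headers())  # first request carries Authorization
    s.handle_response(200, "ECLYPSERESTSESSIONID=1ihtgt27axib71plskbk2nhp4i;Path=/")
    print(s.request_headers())  # later requests carry only the cookie
```

Because the credentials are sent only while no cookie is held, the server does not issue a fresh session on every call.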