Security

Basic Authentication and HTTPS (Traditional)

Basic Authentication

The TPM web service uses HTTPS basic authentication to authenticate requests. To authenticate using HTTPS basic authentication, clients must provide the username and password of a valid TPM user in the HTTPS headers of their requests. Many tools and programming languages that support HTTPS, such as curl and Java, provide mechanisms and abstractions for providing HTTPS basic authentication data.

HTTPS

All requests to the data service must be sent over HTTPS, which ensures sensitive data, such as the username and password used to authenticate your requests, is encrypted. The HTTPS protocol utilizes Transport Layer Security (TLS) to prevent third parties from accessing data as it is transmitted. Servers provide authorized certificates in order to authenticate their identity over HTTPS connections. Tools such as curl and modern web browsers verify the integrity of the server certificates before sending request data over HTTPS in order to guarantee your data is sent to your intended recipient. TPM does not support insecure connections over HTTP. The combination of HTTP Basic Authentication and the HTTPS protocol provides a convenient way to authenticate your requests to the web service while assuring your sensitive data remains secure.