Security, Authentication and Authorization
When you make HTTPS requests to Developer Portal REST endpoints in API Platform Cloud Service, you ensure secure, authenticated and authorized access by providing the following information:
-
An SSL certificate authority (CA) certificate file or bundle to authenticate against the Verisign certificate authority (CA) certificate. (Oracle Cloud uses a CA certificate issued by Verisign to enable clients to connect securely to the server.)
-
The
Authorization
standard header to specify the user name and password of an API Platform Cloud Service user with authorization to perform the operation.
The Authorization Header
When making a request to Developer Portal REST endpoints for API Platform Cloud Service, in must specify an Authorization
header whose value contains the user name and password of an API Platform Cloud Service user with authorization to perform the requested operation. The value has the form:
Basic base64-encrypted-username-colon-password
where base64-encrypted-username-colon-password
is the user name and password, separated by a colon and encoded using Base64 encoding. For example, given the user name apicsadmin
and the password welcome1
, the string to encode would be apicsadmin:password
and the resulting header would be:
Authorization: Basic YXBpY3NhZG1pbjpwYXNzd29yZAo=
Note:
Many client applications provide a method that creates this header for you. In cURL, for example, the -u
(--user
) option adds the Authorization
header to a request:
--user apicsadmin:password
generates the same Authorization
header shown in the previous example.
You can use the base64
command on Unix operating systems to encode a username and password using Base 64:
$echo apicsadmin:password | base64