Basic Authorization
Description
The Basic Authorization policy follows the RFC-7617 standard. From the standard, if a user agent wanted to send the user-id “Aladdin” and password “open sesame”, it would use the following HTTP header.
Example: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Usage
In order to use the Basic Authorization policy, consumers must be created and basic-auth credentials created for them.
To create consumers (users and apps): use the CLI and create user or create app command.
To create a basic-auth credential for an app or user: use the CLI and create credential command with type basic-auth.
To enable the Basic Authorization policy, add basic-auth in gateway.config.yml in the policies section.
policies:
  - basic-auth
  # other policies
Example
pipelines:
  pipeline1:
    apiEndpoints:
      - authorizedEndpoint
    policies:
      - basic-auth:
      - proxy:
          action:
            serviceEndpoint: backend
You can use cURL to test that the policy is working correctly:
curl -H "Authorization: Basic base64encoded(username:password)" https://gatewayurl/api/testEndpoint
Note: Make sure to replace the base64encoded(username:password) with the correct data generated by the gateway.
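The header value used in the cURL test can be built and checked as in the following added example, which is not code from the gateway project: it encodes and parses RFC 7617 credentials in Node.js, including the case of a password that contains colons. The function names encodeBasic and parseBasic are hypothetical, and the parser is deliberately strict in that it requires padded, canonical Base64.

```javascript
// Added example: RFC 7617 Basic credentials in Node.js.
// encodeBasic/parseBasic are hypothetical helper names, not gateway APIs.

function encodeBasic(userId, password) {
  // The first ':' separates user-id from password, so the user-id cannot contain one.
  if (userId.includes(':')) throw new Error('user-id must not contain ":"');
  // RFC 7617 forbids control characters in both fields.
  if (/[\x00-\x1f\x7f]/.test(userId + password)) {
    throw new Error('control characters are not allowed');
  }
  const blob = Buffer.from(`${userId}:${password}`, 'utf8').toString('base64');
  return `Basic ${blob}`;
}

function parseBasic(headerValue) {
  // The scheme name is case-insensitive and is followed by a single Base64 blob.
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue || '');
  if (!m) return null;
  const raw = Buffer.from(m[1], 'base64');
  // Buffer.from tolerates sloppy input; a round-trip check rejects
  // unpadded or otherwise non-canonical Base64.
  if (raw.toString('base64') !== m[1]) return null;
  const decoded = raw.toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep === -1) return null; // no separator, so not "user-id:password"
  // Split on the FIRST colon only: the password may contain further colons.
  return { userId: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Sample values from RFC 7617, as quoted in the Description above.
const header = encodeBasic('Aladdin', 'open sesame');
console.log(`Authorization: ${header}`);
console.log(parseBasic(header));
```

Because parseBasic recovers the password from the header alone, Base64 here is an encoding and not protection, which is why the cURL test targets an https URL.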
Options Reference
passThrough:
- determines whether the gateway should execute the successive policy in case the auth process fails. If set to false, the gateway will return an Unauthorized response.
- default value: false