.. _authentication: ############## Authentication ############## The REST Toolkit supports the following authentication mechanisms: * :ref:`Basic Authentication ` - simplest form of authentication (though unfortunately also the least secure). It uses a username and password and is built into the HTTP protocol. * :ref:`API Key Authentication ` - uses a generated key. The key is long lived and is currently only supported in the REST Toolkit when passed via header. Currently passing the API key in the payload or via query parameter is **not** supported. * :ref:`Token Based Authentication ` - also referred to as bearer authentication. There are many different implementations and the REST Toolkit currently supports a limited subset of the various authentication workflows. * :ref:`Oauth2 Authentication ` - open authentication standard, defined in :rfc:`6749`. REST Toolkit supports Client Credentials (recommended) and Resource Owner Password Credentials Grant (not recommended). The REST Toolkit allow for custom authenticators to be defined using python. This is an advanced feature that can be leveraged to support authentication methods that are not currently available out of the box. See :ref:`Custom Authenticators `. ************************** Supported Credential Types ************************** Below are the supported credential types of the REST Toolkit. * Limited Credential Types (Basic Authentication Only) * Basic/Snippet * SOAP/XML Host * Fully Supported Credential Type * Rest snippet framework 101 To create a new *Rest snippet framework 101 credential* you must click :menuselection:`Manage --> Credentials`. .. note:: The *Rest snippet framework 101 credential type* cannot be accessed clicking :menuselection:`System --> Manage --> Credentials`. Editing an existing credential of this type from the page below will result in an error. Updates can only be accomplished by clicking :menuselection:`Manage --> Credentials`. **New Credential Editor** .. image:: ../_static/authentication/images/rest_snippet_framework_cred.png **Old Credential Editor** .. image:: ../_static/authentication/images/old_cred_view.png ************** Authenticators ************** .. toctree:: :maxdepth: 3 basic apikey token oauth2