Authentication

The REST Toolkit supports the following authentication mechanisms:

  • Basic Authentication - simplest form of authentication (though unfortunately also the least secure). It uses a username and password and is built into the HTTP protocol.

  • API Key Authentication - uses a generated key. The key is long lived and is currently only supported in the REST Toolkit when passed via header. Currently passing the API key in the payload or via query parameter is not supported.

  • Token Based Authentication - also referred to as bearer authentication. There are many different implementations and the REST Toolkit currently supports a limited subset of the various authentication workflows.

  • Oauth2 Authentication - open authentication standard, defined in RFC 6749. REST Toolkit supports Client Credentials (recommended) and Resource Owner Password Credentials Grant (not recommended).

The REST Toolkit allow for custom authenticators to be defined using python. This is an advanced feature that can be leveraged to support authentication methods that are not currently available out of the box. See Custom Authenticators.

Supported Credential Types

Below are the supported credential types of the REST Toolkit.

  • Limited Credential Types (Basic Authentication Only)

    • Basic/Snippet

    • SOAP/XML Host

  • Fully Supported Credential Type

    • Rest snippet framework 101

To create a new Rest snippet framework 101 credential you must click Manage ‣ Credentials.

Note

The Rest snippet framework 101 credential type cannot be accessed clicking System ‣ Manage ‣ Credentials. Editing an existing credential of this type from the page below will result in an error. Updates can only be accomplished by clicking Manage ‣ Credentials.

New Credential Editor

../_images/rest_snippet_framework_cred.png

Old Credential Editor

../_images/old_cred_view.png

Authenticators