REST Service Authentication

In the world of web applications and REST services, security is a fundamental aspect. One of the ways to protect services and ensure that only authorized users can access them is through authentication. Flokzu provides support for various authentication methods, including basic authentication, Bearer authentication, and API Key authentication.

1. API Key

API Key authentication is a method where a unique access key is generated for each user or application that wants to interact with the REST service. This key is sent in each request as a header or attached as a parameter in the URL. By validating the provided key, the REST service verifies the authenticity of the requester and grants access if the key is valid.

To configure an API Key authenticated service in Flokzu, you simply need to add a special header, usually called "API-Key" (but it may vary depending on your service).

2. Basic Authentication

Basic authentication is a simple method to secure REST services. It involves sending authentication credentials (username and password) in each request made to the service, in a special header called "Authorization" in the HTTP request. This header contains the username and password encoded in Base64. Base64 is an encoding, not encryption: it only obfuscates the credentials, and anyone who can read the header can decode them, so the request should always travel over HTTPS.

Here is an example of how the basic authentication header looks in Flokzu:

In this example, "dXNlcm5hbWU6cGFzc3dvcmQ=" is the Base64 encoding of the username:password pair (here, the literal string "username:password").

3. Bearer Authentication

Bearer authentication is another commonly used method in REST services. It involves including an "Authorization" header in the HTTP request, similar to basic authentication. However, instead of sending a username and password, an access token (called a Bearer token) is used. This token is generated by the external service provider and provided to us to use in our requests. When consuming a Bearer-authenticated REST service, we simply include this token in our requests to demonstrate our identity. The external service verifies it, and if everything is in order, it returns the requested data.

The Bearer token is generated through a prior authentication process, which you need to configure in Flokzu once as follows:

Go to the Settings menu → Advanced.
In the REST Authentications section, open the Manage REST Web Service Authentications option and click the New Authentication button.
Enter the fields for the new authentication.

Auth URL: The endpoint of the authorization server, used to obtain the authorization token.
Username: Username for the authentication service.
Password: Password for the authentication service.
Token Field: Name of the field where the token to be used is returned.
Expiration Field: Name of the field where the token expiration date is returned.
Date Pattern: Date pattern of the expiration date (e.g., "yyyy-MM-dd HH:mm:ss").

Optionally, you can customize the headers and body of the call.

The token is automatically inserted in the header without the need for manual configuration.
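
The flow these fields describe, as an added example (not Flokzu's own code): a client reads the token and its expiration from the auth response, reuses the token until shortly before it expires, and refuses to build a header when the configured fields are missing. The JSON response shape, the field names "access_token" and "expires_at", the 30-second refresh margin and the fake auth server are assumptions constructed for the example.

```python
import json
from datetime import datetime, timedelta

# Translate the Java-style letters used in the article's sample Date Pattern
# into strptime directives (assumption: only these six letters are needed).
JAVA_TO_STRPTIME = [("yyyy", "%Y"), ("MM", "%m"), ("dd", "%d"),
                    ("HH", "%H"), ("mm", "%M"), ("ss", "%S")]

def to_strptime(pattern):
    for java, py in JAVA_TO_STRPTIME:
        pattern = pattern.replace(java, py)
    return pattern

class BearerTokenCache:
    """Fetches a token from the auth endpoint and reuses it until it expires."""

    def __init__(self, fetch, token_field, expiration_field, date_pattern,
                 skew=timedelta(seconds=30)):
        self.fetch = fetch                        # callable returning the auth response body
        self.token_field = token_field            # "Token Field" in the form
        self.expiration_field = expiration_field  # "Expiration Field" in the form
        self.fmt = to_strptime(date_pattern)      # "Date Pattern" in the form
        self.skew = skew                          # refresh slightly before expiry
        self.token, self.expires = None, None

    def headers(self, now):
        if self.token is None or now >= self.expires - self.skew:
            body = json.loads(self.fetch())
            token = body.get(self.token_field)
            expires = body.get(self.expiration_field)
            if not token or not expires:
                # Fail closed: never send "Bearer None" or reuse a stale token.
                self.token = None
                raise ValueError("auth response lacks the configured fields")
            # Naive timestamps: assumes server and client share one clock/zone.
            self.expires = datetime.strptime(expires, self.fmt)
            self.token = token
        return {"Authorization": "Bearer " + self.token}

def make_fake_auth_server():
    """Constructed stand-in for the Auth URL: returns tok-1, tok-2, ..."""
    calls = {"n": 0}
    def fetch():
        calls["n"] += 1
        return json.dumps({"access_token": "tok-%d" % calls["n"],
                           "expires_at": "2023-05-18 12:0%d:00" % calls["n"]})
    return fetch, calls
```

A mismatch between Token Field, Expiration Field or Date Pattern and the real response surfaces here as an error at token time instead of a request sent with an empty or expired token.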

Updated on: 18/05/2023
