Authentication

MWS uses Basic Authentication for all REST API requests. This means that a username and password must be provided for each call to resources. There are two types of accounts that can be granted access: Users and Applications.

• For instructions on how to set the credentials for the default User account, see Setting up MWS Security.
• For instructions on how to manage Application accounts, see Access Control.

To use Basic Authentication, each client request must contain a header that looks like this:

Authorization: Basic YWRhcHRpdmU6YzNVU3R1bkU=

The string after the word Basic is the base64 encoding of username : password. In the example above, YWRhcHRpdmU6YzNVU3R1bkU= is the base64 encoding of adaptive:c3UStunE. For more details, see section 2 of RFC 2617.

The username and password in the Basic Authentication header are encoded but not encrypted. Therefore, it is strongly recommended that MWS be run behind a proxy (like Apache) with SSL enabled. For more information, see Setting up MWS Security.

Related Topics 

• About the API

© 2015 Adaptive Computing