5.214
MWS uses Basic Authentication for all REST API requests. This means that a username and password must be provided for each call to resources. There are two types of accounts that can be granted access: Users and Applications.
- For instructions on how to set the credentials for the default User account, see 5.207 Securing Client Connections to MWS.
- For instructions on how to manage Application accounts, see Chapter 5 Access Control.
To use Basic Authentication, each client request must contain a header that looks like this:
Authorization: Basic YWRhcHRpdmU6YzNVU3R1bkU=
The string after the word Basic is the base64 encoding of username : password. In the example above, YWRhcHRpdmU6YzNVU3R1bkU= is the base64 encoding of adaptive:c3UStunE. For more details, see section 2 of RFC 2617.
The username and password in the Basic Authentication header are encoded but not encrypted. Therefore, it is strongly recommended that MWS be run behind a proxy (like Apache) with SSL enabled. See Encrypting Client Connections Using Apache and SSL for more information.
Related Topics