Skip to content

Authentication

  Want to use the API? Write us an email!

HTTP basic authentication flow

HTTP Basic Auth is a simple method that creates a username and password style (in our case client id and api key) authentication for HTTP requests. This technique uses a header called Authorization, with a base64 encoded representation of the username and password. Depending on the use case, HTTP Basic Auth can authenticate the user of the application, or the app itself. Be careful: The username and password can easily be decoded, they are not encrypted in any way!

A request using basic authentication for the user daniel with the password password looks like this:

GET / HTTP/1.1
Host: example.com
Authorization: Basic ZGFuaWVsOnBhc3N3b3Jk

When using basic authentication for an API, this header is usually sent in every request. The credentials become more or less an API key when used as authentication for the application. Even if it represents a username and password, it’s still just a static string.

In theory, the password could be changed once in a while, but that’s usually not the case. As with the API keys, these credentials could leak to third parties. Granted, since credentials are sent in a header, they are less likely to end up in a log somewhere than using a query or path parameter, as the API key might do.

The easiest way to do so is by running the curl command, also documented below.

curl -u "username:password" -X POST "https://renovation-advisory-api.manni-finanzcoach.de/api/project-evaluation"

Parameters for HTTP basic authentication flow

  • client_id - (optional) your application's Bitly client id.
  • client_secret - (optional) your application's Bitly client secret.
  • Authorization header with the value "Basic " + base64encode(username + ":" + password)