Authentication
Introduction to Authentication Methods in Our API
When interacting with our API, it's essential to authenticate your requests to ensure secure communication. We use HTTP Basic Authentication to achieve this. In this method, the client sends the username and password encoded in Base64 as part of the request header. This makes it a straightforward and widely supported approach for API authentication.
In HTTP Basic Auth, your API client (whether it's a website or an application) includes a special header that contains your credentials. While the credentials are encoded in Base64 for safe transmission, they are not encrypted. Therefore, using HTTPS (TLS/SSL) is crucial to ensure the security of the connection.
Example of Authentication Using curl
Below is a simple example on how to authenticate using curl with the username Aladdin and the password OpenSesame.
curl -u Aladdin:OpenSesame https://api.yourservice.com/endpoint
How Base64 Encoding Works
The credentials are sent in the following format:
Username:Password
In our case, the string would be:
Aladdin:OpenSesame
Before sending this over the network, it is converted into a Base64 encoded string. To manually generate this encoded string, you can use a Base64 encoder. Here’s how you can do it:
- Concatenate the username and password with a colon:
Aladdin:OpenSesame - Convert the result to Base64.
For example, the Base64 representation of Aladdin:OpenSesame is:
QWxhZGRpbjpPcGVuU2VzYW1l
Making the Request with the Base64 Encoded Header
Once encoded, the request header will look like this:
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
You can also provide the Authorization header directly using curl:
curl -H "Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l" https://app.shipmondo.com/api/public/v3