NetLicensing supports HTTP Basic Authentication (via SSL) relying on the client's username and password to be added in the request.
In order to access secured REST services with HTTP Basic authentication, client applications have to set the HTTP Authorization header's value to: Basic <base64_encoded_username_password>. UTF-8 is the default decoding charset; therefore, the value must also have been encoded with the same charset.
API Key Identification
NetLicensing also supports API Key Identification to allow limited API access on vendor's behalf.
Leveraging API Key improves security by:
- Reducing the need to store sensitive credentials on the client side
- Limiting the set of possible operations which can be done with a particular key
- Defining fine-grained access rules for critical services (for example: a token is only valid for one service invocation within the next 5 minutes)
Access to the REST services with an API Key is the same as with Basic Authentication, except that username is fixed to the value "
apiKey" (without quotation marks) and the actual API Key should be provided in the password field. Use of the API Key does not grant access to any account information, and is not used for authorization.
Check the services documentation to determine which security mechanisms are allowed for particular NetLicensing service.