Basic Authentication

If your application is not going to be published or used by other users than you or the people in your organisation then you can use a simpler way of authentication.

Instead of using the application key and the secret key, you can use your regular username and password. Any API calls using this authentication method will run in the context of the user making the call, and therefore inherit all the roles of that user.

Applications using this authentication method cannot be published in the App market as they would require your users to provide their username and password to the application developer.

In order to use the internal authentication your user must be granted API access. You can do this by accessing the user details from the users list, clicking on the “Status” tab and enabling the option “API Access". You must also enable the option to make this user an unrestricted administrator or assign one or more roles to it.

Creating the authentication token

This authentication method doesn't need a calculated authentication token. Simply add a valid HTTP authentication header using your email and password


httpClient.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue(
string.Format("{0}:{1}", username, password))));

$header = "Authorization: Basic " . base64_encode($username . ':' . $password);

base64string = base64.encodestring('%s:%s' % (username, password)).replace('\n', '')
header = ("Authorization: Basic %s" % base64string)

$header = 'Authorization: Basic ' + Base64.encode64( username + ':' + password ).chomp

type: "GET",
url: "",
dataType: 'json',
headers: {
"Authorization", btoa(username + ":" + password)
data: '{}',
success: function (){

var username = 'Test';
var password = '123';
var auth = 'Basic ' + new Buffer(username + ':' + password).toString('base64');

var header = {'Host': '', 'Authorization': auth};
var request = client.request('GET', '/', header);

If you need to manually create the value header, it's calculated by Base64 encoding the string username:password. The username is the email of the user accessing your application (parameter e) and the password is the token you created following the steps above.

Was this article helpful?
0 out of 1 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.