Basic Auth with API Gateway application


When I create a client application in API Gateway I can define only OAuth2, JWT or OpenID as an authentication strategy, is there a way to use basic Auth?



Please use other identifiers → username.

The solution I found is adding an Authorization Basic string in Http headers manually, the string is username:password encoded in base64. And also activating HTTP Headers Identification type in API scope.

Hi @anass.tahiri

I am really sorry but this should not be done for basic authentication. But instead it should be done using Identification type as Basic Authentication and application identifier as Username.

Hi @srikanth.prathipati1803
But how can I define my password ?

Hi @anass.tahiri
you should define the user and password here under User Management.

@srikanth.prathipati1803 Sorry, but here we are talking about platform users not applications, I will not make a client as a platform user just to invoke the API. I think the application authentication strategy is clear as we do for OAuth2 for example, the client has his identifiers, but he doesn’t need to be a user in the platform but he’s just related to the application.
I agree with your aproch but in case the client is a platform user, I see that it’s not something secure that’s why we use applications.

For that OAuth2 Token should be used but header should not be configured as below.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.