Basic Auth with API Gateway application


When I create a client application in API Gateway I can define only OAuth2, JWT or OpenID as an authentication strategy, is there a way to use basic Auth?



Please use other identifiers → username.

The solution I found is adding an Authorization Basic string in Http headers manually, the string is username:password encoded in base64. And also activating HTTP Headers Identification type in API scope.

Hi @anass.tahiri

I am really sorry but this should not be done for basic authentication. But instead it should be done using Identification type as Basic Authentication and application identifier as Username.

Hi @srikanth.prathipati1803
But how can I define my password ?

Hi @anass.tahiri
you should define the user and password here under User Management.

@srikanth.prathipati1803 Sorry, but here we are talking about platform users not applications, I will not make a client as a platform user just to invoke the API. I think the application authentication strategy is clear as we do for OAuth2 for example, the client has his identifiers, but he doesn’t need to be a user in the platform but he’s just related to the application.
I agree with your aproch but in case the client is a platform user, I see that it’s not something secure that’s why we use applications.

For that OAuth2 Token should be used but header should not be configured as below.