Authentication methods

The system APIs support two authentication methods. The methods differ based on how authentication information is sent from the caller application to ClaimCenter.

Basic authentication

Basic authentication is an authentication method in which the caller provides only the user's user name and password, and sends them in the request header.

  • Internal users (and only internal users) can use basic authentication.
  • With basic authentication, the authentication and authorization information is retrieved from the operational database using information in the request header.

Guidewire recommends using basic authentication only over HTTPS (SSL).

Bearer token authentication

Bearer token authentication is an authentication method in which the authentication information is stored in a JSON Web Token (JWT, pronounced like "jot"). The phrase "bearer authentication" can be understood as "give access to the bearer of this token".

  • Every type of caller can use bearer token authentication.
  • With bearer token authentication, the JWT contains both authentication information and authorization information.

JWTs contain token claims. (In standard JWT parlance, these are referred to simply as "claims". To avoid confusion with claims in the property and casualty insurance sense, this documentation always refers to JWT claims as "token claims".) A token claim is a piece of information asserted about the bearer of the token, such as the bearer's name. For bearer token authentication, authentication information is stored in token claims.

As with basic authentication, Guidewire recommends using bearer token authentication only over HTTPS (SSL).
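The HTTPS recommendation for both basic and bearer token authentication follows from how the `Authorization` header is encoded: Base64 is an encoding, not encryption, and a JWT signature protects integrity, not confidentiality. The following sketch is an added example, not Guidewire code; the user name, password, signing key, and token claims are constructed sample values, and the function names are hypothetical.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    # JWTs strip Base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def basic_header(user: str, password: str) -> str:
    # RFC 7617: "Basic " + base64("user:password")
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def bearer_header(token_claims: dict, key: bytes) -> str:
    # Compact JWT: base64url(header).base64url(payload).base64url(signature)
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(token_claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"Bearer {head}.{body}.{b64url(sig)}"

def exposed_in_transit(authorization: str) -> dict:
    """What anyone who can read the header recovers, with no key at all."""
    scheme, _, value = authorization.partition(" ")
    if scheme.lower() == "basic":
        # Only the first colon separates user from password
        user, _, password = base64.b64decode(value).decode().partition(":")
        return {"scheme": "basic", "user": user, "password": password}
    if scheme.lower() == "bearer":
        parts = value.split(".")
        if len(parts) != 3:
            raise ValueError("not a compact signed JWT")
        # The payload is readable, and the whole token can be presented again
        return {"scheme": "bearer", "token": value,
                "token_claims": json.loads(b64url_decode(parts[1]))}
    raise ValueError(f"unsupported scheme: {scheme!r}")

# Constructed sample values (assumptions, not taken from the documentation)
SAMPLE_CLAIMS = {"sub": "adjuster1", "name": "Example Adjuster", "exp": 1893456000}
SAMPLE_BASIC = basic_header("adjuster1", "pw:with:colon")
SAMPLE_BEARER = bearer_header(SAMPLE_CLAIMS, b"constructed-signing-key")

if __name__ == "__main__":
    print(exposed_in_transit(SAMPLE_BASIC))
    print(exposed_in_transit(SAMPLE_BEARER)["token_claims"])
```

Without transport encryption, the basic header yields the password itself and the bearer header yields both the token claims and a token that grants access to whoever holds it until it expires.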