Basic authentication

Within the context of system API authentication, an internal user is a person who is listed as a user in the PolicyCenter database. For example, Alice Applegate, a PolicyCenter underwriter, is an internal user. Internal users can use caller applications and trigger system API calls from that application. For example, suppose there is a location photography portal that contains pictures of covered buildings taken by a third-party field agent. An underwriter reviews and selects pictures to be saved to PolicyCenter. This action triggers a system API call by an internal user from a caller application.

Internal users can be authenticated using either basic authentication or bearer token authentication. Basic authentication is an authentication method in which the caller provides only the user's user name and password, and provides them in the request header.

  • Internal users (and only internal users) can use basic authentication.
  • With basic authentication, the authentication information is retrieved from the operational database using information in the request header.

Basic authentication is useful in development when you want to test aspects of endpoint behavior that are not related to authentication. Basic authentication does not require any interaction with Guidewire Hub to generate JWTs. You can authenticate a system API call using only the caller application and PolicyCenter.

This topic describes how to implement basic authentication for internal users. (For information on how to implement bearer token authentication for internal users, see OAuth2 authorization code flow: Internal users.)