Sending authenticated calls with basic authentication

To request authentication for an internal user using basic authentication, the caller application must include the authentication information in the header of the request object. For example:

--header 'Authorization: Basic YWFwcGxlZ2F0ZTpndw=='

In the base configuration, when PolicyCenter receives a call with basic auth information in the header, it queries the database to verify that the user is a known internal user and that the password matches the user name. If both conditions are true, the internal user is authenticated.

Authentication failure error messages

For endpoints that return elements, when a given resource exists but the user lacks authorization to access it, Cloud API returns the following error. This is the same message that is returned when the resource does not exist.

"status": 404,
"errorCode": "gw.api.rest.exceptions.NotFoundException",
"userMessage": "No resource was found at path <path>"

For endpoints that return collections, Cloud API returns all resources that meet the criteria and for which the user has sufficient resource access. If a resource exists, but the user lacks sufficient authorization, Cloud API omits it from the results.

These approaches are considered more secure because they prevent malicious callers from verifying the existence of data that they are not authorized to access.

Send a Postman call with basic authentication

About this task

You can use basic authentication with API calls made from Postman.

Procedure

  1. Open Postman.
  2. Start a new request by clicking the + to the right of the Launchpad tab.
  3. Specify an operation and URL as appropriate.
  4. To provide credentials using basic authentication:
    1. Click the Authorization tab.
    2. For the Type drop-down list, select Basic Auth.
    3. In the Username field, enter the user name (such as aapplegate).
    4. In the Password field, enter the password (such as gw).
  5. Click the Send button to the right of the request field.

Results

Every Postman tab has its own authentication information. When you modify the request on an existing tab by changing the URL or choosing a new operation, you do not need to re-enter the authentication information. But when you open a new tab, you do need to provide authentication information.

If you encounter a NotFoundException such as the following example, this could be caused by not providing correct authentication information.

"status": 404,
"errorCode": "gw.api.rest.exceptions.NotFoundException",
"userMessage": "No resource was found at path /common/v1/activities/cc:20"