Authentication methods
Cloud API supports two authentication methods. The methods differ in how authentication information is sent from the caller application to PolicyCenter.
Basic authentication
Basic authentication is an authentication method in which the caller provides only a user name and password, and these are sent in the request header.
- Internal users (and only internal users) can use basic authentication.
- With basic authentication, the authentication and authorization information is retrieved from the operational database using information in the request header.
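The following is an added example (not Guidewire code) showing what a basic authentication request header actually carries. It builds an HTTP Basic Authorization header from a constructed user name and password, then parses one back. The user name and password are illustrative placeholders, not real PolicyCenter accounts. The point for a practitioner is that the header is base64-encoded, not encrypted: anyone who can observe the request can recover the credentials, which is why basic authentication belongs only on HTTPS.

```python
import base64
import binascii
from typing import Tuple

# Constructed example credentials; not real PolicyCenter users.
EXAMPLE_USER = "su"
EXAMPLE_PASSWORD = "gw"


def build_basic_header(username: str, password: str) -> str:
    """Return the Authorization header value for HTTP Basic authentication.

    Per RFC 7617 the user-id and password are joined with ':' and
    base64-encoded. The user-id itself must not contain a colon, or the
    receiver cannot split the pair unambiguously.
    """
    if ":" in username:
        raise ValueError("user-id must not contain ':'")
    credentials = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(credentials).decode("ascii")


def parse_basic_header(value: str) -> Tuple[str, str]:
    """Recover (username, password) from a Basic Authorization header.

    This is what a server does with the header, and also what an
    eavesdropper on plain HTTP could do: the encoding is fully reversible.
    Any malformed input is rejected with ValueError.
    """
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("credentials must be of the form user:password")
    return username, password


if __name__ == "__main__":
    header = build_basic_header(EXAMPLE_USER, EXAMPLE_PASSWORD)
    print("Authorization:", header)
    print("Recovered from header:", parse_basic_header(header))
```

Because `parse_basic_header` needs no key or secret to recover the password, an interception of a single request over plain HTTP yields a reusable credential; the transport, not the header format, is what protects it.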
Bearer token authentication
Bearer token authentication is an authentication method in which the authentication information is stored in a JSON Web Token (JWT, pronounced like "jot"). The phrase "bearer authentication" can be understood as "give access to the bearer of this token".
- Every type of caller can use bearer token authentication.
- With bearer token authentication, the JWT contains both authentication information and authorization information.
JWTs contain claims. (In some cases, this documentation uses the term "token claim" to differentiate between claims in a JWT and claims in the property and casualty insurance sense.) A JWT's claim is a piece of information asserted about the bearer of the token, such as the bearer's name. For bearer token authentication, authentication information is stored in claims.
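The following is an added example (not Guidewire code) of the JWT structure described above: three base64url segments, header.payload.signature, where the payload is the claim set. It issues a token signed with HMAC-SHA256 over a constructed shared secret and verifies it, rejecting a wrong key, a tampered claim set, an unexpected `alg`, and an expired token. The secret, claim values and the HS256 choice are assumptions for the example only; a production issuer would typically sign with an asymmetric key, and PolicyCenter's actual verification logic is not shown here. The standard claim names used (`sub`, `iss`, `exp`, `nbf`) are the registered names from RFC 7519.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed signing secret for the example; never a real key.
EXAMPLE_SECRET = b"example-shared-secret-not-for-production"


def _b64url_encode(data: bytes) -> str:
    # JWT uses base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding the token omitted before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_jwt(claims: dict, secret: bytes) -> str:
    """Build a compact JWT (header.payload.signature) signed with HS256."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = {"separators": (",", ":")}
    signing_input = (
        _b64url_encode(json.dumps(header, **compact).encode("utf-8"))
        + "."
        + _b64url_encode(json.dumps(claims, **compact).encode("utf-8"))
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def read_claims_unverified(token: str) -> dict:
    """Decode the claim set WITHOUT checking the signature.

    Shows that claims are only encoded, not encrypted: anyone holding the
    token can read them. Never use this for authorization decisions.
    """
    return json.loads(_b64url_decode(token.split(".")[1]))


def verify_jwt(token: str, secret: bytes, now: Optional[float] = None) -> dict:
    """Verify the signature and time claims; return the trusted claim set.

    Raises ValueError on any failure. The algorithm is pinned to HS256 so a
    token whose header claims 'none' or another algorithm is rejected before
    any signature check.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise ValueError("token not yet valid")
    return claims


if __name__ == "__main__":
    # Constructed claim set: subject, issuer and a one-hour expiry.
    issued = int(time.time())
    token = issue_jwt(
        {"sub": "example-user", "iss": "example-issuer", "exp": issued + 3600},
        EXAMPLE_SECRET,
    )
    print("Token:", token)
    print("Readable by anyone:", read_claims_unverified(token))
    print("Verified claims:", verify_jwt(token, EXAMPLE_SECRET))
```

Two properties of the format follow directly from the code. First, `read_claims_unverified` needs no key, so a token must not carry anything the bearer should not see. Second, `verify_jwt` accepts any caller who presents a valid token, which is exactly the "bearer" semantics: possession is sufficient, so the token must be kept confidential in transit and given a short `exp`.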
As with basic authentication, Guidewire recommends using bearer token authentication only over HTTPS (SSL).