Authentication methods

Cloud API supports two authentication methods. They differ in how the authentication information is sent from the caller application to PolicyCenter: as a user name and password, or as a signed token.

Basic authentication

Basic authentication is an authentication method in which the caller provides only a user name and password, Base64-encoded in the Authorization header of each request. Base64 is an encoding, not encryption: anyone who can read the request can recover the password.

  • Internal users (and only internal users) can use basic authentication.
  • With basic authentication, the authentication and authorization information is retrieved from the operational database using information in the request header.
Guidewire recommends using basic authentication only over HTTPS (TLS), because otherwise the credentials travel in cleartext on every request.
Note: Basic authentication is not supported in production environments. It can only be used in development environments. For more information, see Basic authentication.

Bearer token authentication

Bearer token authentication is an authentication method in which the authentication information is stored in a JSON Web Token (JWT, pronounced like "jot"). The phrase "bearer authentication" can be understood as "give access to the bearer of this token": whoever presents the token is granted its access, so the token must be protected like a credential.

  • Every type of caller can use bearer token authentication.
  • With bearer token authentication, the JWT contains both authentication information and authorization information.

JWTs contain claims. (In some cases, this documentation uses the term "token claim" to differentiate between claims in a JWT and claims in the property and casualty insurance sense.) A JWT claim is a piece of information asserted about the bearer of the token, such as the bearer's name. For bearer token authentication, authentication information is stored in claims. The claims are Base64url-encoded, not encrypted, so anyone holding the token can read them; what makes them trustworthy is the token's signature, which the receiver verifies before acting on any claim.

As with basic authentication, Guidewire recommends using bearer token authentication only over HTTPS (TLS): a token captured in transit can be replayed by whoever captures it until it expires.
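To make the difference between the two methods concrete, here is an added Python example that is not Guidewire code and not from this page. It builds both kinds of Authorization header, shows that Basic credentials and JWT claims are only Base64-encoded and therefore readable by anyone who captures the request, and verifies a JWT's signature and expiry before trusting its claims. The HS256 signing key, the sub/exp claim names and the make_jwt issuer helper are assumptions made for a self-contained demo; this page does not describe which claims PolicyCenter expects or how its tokens are issued.

```python
import base64
import hashlib
import hmac
import json
import time


# --- Basic authentication: credentials are Base64-encoded, not hidden ---

def basic_auth_header(username: str, password: str) -> dict:
    """Build the Authorization header a caller sends for basic authentication."""
    raw = f"{username}:{password}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def basic_credentials_from_header(header_value: str) -> tuple:
    """Recover the user name and password from a Basic header, exactly as
    anyone on the wire could if the request were sent over plain HTTP."""
    scheme, _, encoded = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    username, _, password = base64.b64decode(encoded).decode("utf-8").partition(":")
    return username, password


# --- Bearer token authentication: claims travel inside a signed JWT ---

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes) -> str:
    """Issue an HS256-signed JWT. Hypothetical issuer for the demo only; the
    real issuer, algorithm and claim set for PolicyCenter are not described here."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def bearer_auth_header(token: str) -> dict:
    """Build the Authorization header a caller sends for bearer token authentication."""
    return {"Authorization": "Bearer " + token}


def peek_claims(token: str) -> dict:
    """Read the claims WITHOUT verifying anything: the payload is only encoded."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_jwt(token: str, key: bytes, now=None) -> dict:
    """Return the claims only if the signature is valid and the token is unexpired."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's choice
        raise ValueError("unexpected alg")
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


if __name__ == "__main__":
    # Constructed sample values; not real PolicyCenter credentials or tokens.
    print(basic_auth_header("alice", "s3cret"))
    print(basic_credentials_from_header("Basic YWxpY2U6czNjcmV0"))
    key = b"demo-signing-key"
    token = make_jwt({"sub": "svc-caller", "exp": int(time.time()) + 300}, key)
    print(bearer_auth_header(token))
    print("unverified claims:", peek_claims(token))
    print("verified claims:  ", verify_jwt(token, key))
```

The two verification checks are the ones a receiver must never skip: the algorithm is pinned rather than read from the token, and the signature is compared in constant time before any claim, including exp, is examined. peek_claims is there to show why the page insists on HTTPS for both methods: nothing in either header is secret from someone who can see the request.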