Difference between revisions of "stoney core: Authentication Resource - REST API"

From stoney cloud

Revision as of 16:00, 3 January 2014

Auth action

To give a client the possibility of verifying a username and password, a pseudo-resource is provided. The only method implemented is GET.

Auth retrieval (GET)

Auth retrieval (GET) example

To verify the authentication, the client sends an HTTP GET request to the auth resource URI https://api.example.com/v1/auth. The service responds with an HTTP status code:

  • 200 (OK) on success
  • 401 (Unauthorized) on authentication failure
  • 429 (Too Many Requests)

The service must never return 403 or a similar status, to avoid attacks that try to figure out which users exist and which do not.

Request:

GET /v1/auth/ HTTP/1.1
HOST: api.example.com
AUTHORIZATION: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Accept: application/json

Answer:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8 

(no content for now)
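
One way a server could decide between the three status codes above without revealing which users exist, as an added example that is not stoney core's own code. The user store, the PBKDF2 parameters, the per-client failure limit and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000            # assumed PBKDF2 work factor
MAX_FAILURES, WINDOW = 5, 60.0  # assumed limit: 5 failures per 60 s per client

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed user store: username -> (salt, password hash)
SALT = os.urandom(16)
USERS = {"Aladdin": (SALT, hash_password("open sesame", SALT))}
# Dummy record so an unknown user costs the same hashing work as a known one
DUMMY = (os.urandom(16), os.urandom(32))
FAILURES = {}  # client id -> timestamps of recent failed attempts

def parse_basic(header):
    """Return (user, password), or None for a missing or malformed header."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def auth_status(header, client_id, now=None):
    """Return only 200, 401 or 429, as the resource description requires."""
    now = time.monotonic() if now is None else now
    recent = [t for t in FAILURES.get(client_id, []) if now - t < WINDOW]
    FAILURES[client_id] = recent
    if len(recent) >= MAX_FAILURES:
        return 429
    creds = parse_basic(header)
    user, password = creds or ("", "")
    salt, expected = USERS.get(user, DUMMY)
    # Always hash and compare in constant time, even for unknown users
    match = hmac.compare_digest(hash_password(password, salt), expected)
    if creds is not None and user in USERS and match:
        return 200
    recent.append(now)  # every failure is recorded and answered identically
    return 401
```

An unknown user, a wrong password and a malformed header all take the same code path and produce the same 401, so neither the status code nor the amount of hashing work distinguishes existing accounts from non-existing ones.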