stoney core: Authentication Resource - REST API
To let a client verify a username and password, a pseudo-resource is provided. The only method implemented is GET.
Auth retrieval (GET)
Auth retrieval (GET) example
To verify the authentication, the client sends an HTTP GET request to the auth resource's URI.
The service responds with an HTTP status code:
- 200 (OK) on success
- 401 (Unauthorized) on authentication failure
- 429 (Too Many Requests)
The service must never return 403 or similar, to avoid attacks that try to figure out which users exist and which do not.
GET /v1/auth/ HTTP/1.1
HOST: api.example.com
AUTHORIZATION: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
(no content for now)
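
One way to implement the status-code rules above on the server side (an added example, not stoney core's own code). The user store, the PBKDF2 parameters, the failure limit and window, and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, time

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample store (assumption): username -> (salt, password hash).
USERS = {"Aladdin": (b"constructed-salt", pw_hash("open sesame", b"constructed-salt"))}
DUMMY = (b"dummy-salt", pw_hash("dummy", b"dummy-salt"))  # checked for unknown users

MAX_FAILURES, WINDOW = 5, 60.0  # assumed limits; the page specifies none
FAILURES = {}                   # client id -> timestamps of recent failures

def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def auth_status(header, client_id, now=None):
    """Status for GET /v1/auth/: only 200, 401 or 429, never 403."""
    now = time.monotonic() if now is None else now
    recent = [t for t in FAILURES.get(client_id, []) if now - t < WINDOW]
    FAILURES[client_id] = recent
    if len(recent) >= MAX_FAILURES:
        return 429
    user, password = parse_basic(header) or ("", "")
    known = user in USERS
    salt, stored = USERS[user] if known else DUMMY  # same hashing work either way
    match = hmac.compare_digest(pw_hash(password, salt), stored)
    if known and match:
        return 200
    recent.append(now)
    # Unknown user, wrong password and malformed header are indistinguishable.
    return 401
```

Hashing against a dummy record for unknown users keeps the response time close to that of a wrong password, so timing does not reveal what the status code hides.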