There are several common schemes for authenticating REST requests. The most common are summarized below:
Basic Authentication
The Authorization header in the request carries the Base64 encoding of the credentials (username and password). If the credentials are not provided, a 401 (Authorization Failure) error is returned. Because Base64 is a reversible encoding and not encryption, this mechanism is only supported when SSL/TLS is used for the transport.
X-Auth-Token Authentication
An alternative to Basic Authentication is x-auth-token authentication. Users call the SessionService REST API to start a session:
POST https://10.35.0.133/api/SessionService/Sessions
Input
{
  "UserName": "root",
  "Password": "linux",
  "SessionType": "API"
}
The response headers will contain the x-auth-token:
connection → Keep-Alive
content-length → 268
content-type → application/json; odata.metadata=minimal
date → Tue, 05 Sep 2017 11:55:29 GMT
keep-alive → timeout=5, max=150
location → /api/SessionService/Sessions('e1817fe6-97e5-4ea0-88a9-d865c7302152')
odata-version → 4.0
server → Apache
x-auth-token → 13bc3f63-9376-44dc-a09f-3a94591a7c5d
x-frame-options → DENY
This x-auth-token is then sent in the header of subsequent REST calls to authenticate the user.
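
Both schemes side by side, as an added Python example that is not code from the original page: it builds the request for each scheme without sending it, refuses any URL that is not HTTPS, and reads the token out of a constructed copy of the response headers shown above. The helper names are hypothetical and only the standard library is used.

```python
import base64
import json
import urllib.request
from email.message import Message
from urllib.parse import urlsplit

BASE = "https://10.35.0.133"  # host from the page's example

def require_https(url):
    # Both schemes put a reusable secret in a header: refuse cleartext HTTP.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials without SSL/TLS: " + url)
    return url

def basic_auth_request(url, user, password):
    # Basic Authentication: base64("user:password") travels on every request.
    cred = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(require_https(url))
    req.add_header("Authorization", "Basic " + cred)
    return req

def session_request(base_url, user, password):
    # X-Auth-Token, step 1: POST the credentials once to SessionService.
    body = {"UserName": user, "Password": password, "SessionType": "API"}
    req = urllib.request.Request(
        require_https(base_url + "/api/SessionService/Sessions"),
        data=json.dumps(body).encode("utf-8"), method="POST")
    req.add_header("Content-Type", "application/json")
    return req

def token_from_headers(headers):
    # Step 2: read the token; header names are matched case-insensitively.
    token = headers.get("X-Auth-Token")
    if not token:
        raise ValueError("no x-auth-token header in the response")
    return token.strip()

def token_request(url, token):
    # Step 3: later calls carry only the token, never the password.
    req = urllib.request.Request(require_https(url))
    req.add_header("X-Auth-Token", token)
    return req

def sample_response_headers():
    # Constructed sample: two of the response headers shown above.
    msg = Message()
    msg["location"] = "/api/SessionService/Sessions('e1817fe6-97e5-4ea0-88a9-d865c7302152')"
    msg["x-auth-token"] = "13bc3f63-9376-44dc-a09f-3a94591a7c5d"
    return msg
```

Decoding the Basic header value with `base64.b64decode` returns the username and password unchanged, which is why the transport has to provide the confidentiality.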