In Xapix, authentication uses authentication schemes together with authentication credentials. Authentication is used to verify the identity of the client (user) attempting to access a resource on a host.

Authentication schemes

Xapix supports the following types of authentication schemes:



Credential type

API Token

An API key provided by a client when making API calls. It is a stateless authentication scheme where each request to a server must have a signed token which is used to verify user authenticity. Once verified, the server then responds to the request.

Can be either header or query parameter.


Cookie Authentication

Authenticates client requests and maintains session information using HTTP cookies. The authentication is set in an API key token.


Bearer Token

An HTTP authentication that uses security tokens called bearer tokens. These type of tokens are cryptic strings usually generated by the server in response to logins. This string must be provided in the authorization header when making requests to protected resources , for example in a cURL command --header 'Authorization: Bearer API_Key'.


Basic Authentication

Simple authentication which is part of the HTTP protocol. It requires a valid base64-encoded username:password string.



Uses an authentication server to communicate with the API server to grant access. Can be either "one-legged (for use with non-sensitive data) or "three-legged" (for sensitive data).


AWS Signature V4

A process that adds authentication information to AWS requests sent by HTTP. It requires security credentials which are username/password pairs.


Authentication credentials

Xapix supports the following types of authentication credentials:




Short-lived secret credential known only by the client and the server. It can be used in a query string, a request header or as a cookie. It is used by API Token, Cookie and Bearer Token authentication schemes.


A base64-encoded string in the form of username:password. It is used with Basic Authentication and OAuth2 authentication schemes.

Public/Private key

A key pair (public/private) that uses public-key cryptography. Private keys are secret and known only to users. Public keys are distributed to hosts. Together, the private key identifies and authorizes the user to the host that possesses the public key.