In Xapix, authentication uses authentication schemes together with authentication credentials. Authentication is used to verify the identity of the client (user) attempting to access a resource on a host.
Xapix supports the following types of authentication schemes:
An API key provided by a client when making API calls. It is a stateless authentication scheme where each request to a server must have a signed token which is used to verify user authenticity. Once verified, the server then responds to the request.
Can be either header or query parameter.
Authenticates client requests and maintains session information using HTTP cookies. The authentication is set in an API key token.
An HTTP authentication that uses security tokens called bearer tokens. These type of tokens are cryptic strings usually generated by the server in response to logins. This string must be provided in the authorization header when making requests to protected resources , for example in a cURL command
Simple authentication which is part of the HTTP protocol. It requires a valid base64-encoded
Uses an authentication server to communicate with the API server to grant access. Can be either "one-legged (for use with non-sensitive data) or "three-legged" (for sensitive data).
AWS Signature V4
A process that adds authentication information to AWS requests sent by HTTP. It requires security credentials which are username/password pairs.
Xapix supports the following types of authentication credentials:
Short-lived secret credential known only by the client and the server. It can be used in a query string, a request header or as a cookie. It is used by API Token, Cookie and Bearer Token authentication schemes.
A base64-encoded string in the form of
A key pair (public/private) that uses public-key cryptography. Private keys are secret and known only to users. Public keys are distributed to hosts. Together, the private key identifies and authorizes the user to the host that possesses the public key.