Basic Auth

Access Aidbox API from your Service

Basic Auth

The simplest way to programmatically interact with Aidbox API is to use Basic Access Authentication. In this scheme you provide client credentials with every HTTP request in special header - Authorization: Basic <credentials>, where <credentials> is the base64 encoding of and Client.secret joined by a colon:

GET /Patient
Authorization: Basic {base64( + ':' + Client.secret)}

Register Client

The first step is to create resource Client with id & secret and add 'basic' to it's grant_types collection:

POST /Client
id: basic
secret: secret
grant_types: ['basic']

By default your client does not have any permissions to access Aidbox REST API. So you probably want to configure some using Aidbox Access Policy. Access Policy can be linked to specific client, by providing reference to clients in link collection. For more sophisticated configuration see Access Policies documentation.

POST /AccessPolicy
id: api-clients
engine: allow # which means it has permisions for everything
description: Root access to specific clients
# link policy with client
- resourceType: Client
id: basic #

Making Requests with Basic Auth

Now you can make HTTP requests with Authorization header set to 'Basic ' + base64( +':' + client.secret):

GET /Patient
Authorization: Basic YmFzaWM6c2VjcmV0Cg==

Example with curl:

curl -u basic:secret https://yourbox/Patient
curl -H 'Authorization: Basic YmFzaWM6c2VjcmV0Cg==' https://yourbox/Patient

Most of HTTP clients will do Authorization header construction for you:

axios.get('<box>/Patient', {
auth: {
password: client.secret
}).then(function(response) {
}).catch(function(error) {
console.log('Error on Authentication');
// or you can always do it by manualy set headers
fetch('<box>/Patient', {
headers: {"Authorization": 'Basic ' + btoa( + ':' + client.secret)}
}).then(resp) { ... }

Test Basic in Auth Sandbox