Basic Auth

Access Aidbox API from your Service

Basic Auth

The simplest way to programmatically interact with Aidbox API is to use Basic Access Authentication. In this scheme you provide client credentials with every HTTP request in the special header - Authorization: Basic <credentials>, where <credentials> is the base64 encoding of and Client.secret joined by a colon:
GET /Patient
Accept: text/yaml
Authorization: Basic {base64( + ':' + Client.secret)}

Register Client

The first step is to create resource Client with id & secret and add 'basic' to it's grant_types collection:
POST /Client
Accept: text/yaml
Content-Type: text/yaml
id: basic
secret: secret
- basic
By default, your client does not have any permissions to access Aidbox REST API. So you probably want to configure some using Aidbox Access Policy. Access Policy can be linked to the specific client by providing the reference to clients in link collection. For more sophisticated configuration, see Access Policies documentation.
POST /AccessPolicy
Accept: text/yaml
Content-Type: text/yaml
id: api-clients
engine: allow # which means it has permisions for everything
description: Root access to specific clients
# link policy with client
- resourceType: Client
id: basic #

Making Requests with Basic Auth

Now you can make HTTP requests with Authorization header set to 'Basic ' + base64( +':' + client.secret):
GET /Patient
Accept: text/yaml
Authorization: Basic YmFzaWM6c2VjcmV0Cg==
Example with curl:
curl -u basic:secret https://yourbox/Patient
curl -H 'Authorization: Basic YmFzaWM6c2VjcmV0Cg==' https://yourbox/Patient
Most HTTP clients will do Authorization header construction for you:
axios.get('<box>/Patient', {
auth: {
password: client.secret
}).then(function(response) {
}).catch(function(error) {
console.log('Error on Authentication');
// or you can always do it by manualy set headers
fetch('<box>/Patient', {
headers: {"Authorization": 'Basic ' + btoa( + ':' + client.secret)}
}).then(resp) { ... }

Test Basic in Auth Sandbox