Basic Auth
Access Aidbox API from your Service

Basic Auth

The simplest way to programmatically interact with Aidbox API is to use Basic Access Authentication. In this scheme you provide client credentials with every HTTP request in the special header - Authorization: Basic <credentials>, where <credentials> is the base64 encoding of Client.id and Client.secret joined by a colon:
1
GET /Patient
2
Accept: text/yaml
3
Authorization: Basic {base64(Client.id + ':' + Client.secret)}
Copied!

Register Client

The first step is to create resource Client with id & secret and add 'basic' to it's grant_types collection:
1
POST /Client
2
Accept: text/yaml
3
Content-Type: text/yaml
4
​
5
id: basic
6
secret: secret
7
grant_types: ['basic']
Copied!
By default, your client does not have any permissions to access Aidbox REST API. So you probably want to configure some using Aidbox Access Policy. Access Policy can be linked to the specific client by providing the reference to clients in link collection. For more sophisticated configuration, see Access Policies documentation.
1
POST /AccessPolicy
2
Accept: text/yaml
3
Content-Type: text/yaml
4
​
5
id: api-clients
6
engine: allow # which means it has permisions for everything
7
description: Root access to specific clients
8
link:
9
# link policy with client
10
- resourceType: Client
11
id: basic # client.id
12
​
Copied!

Making Requests with Basic Auth

Now you can make HTTP requests with Authorization header set to 'Basic ' + base64(client.id +':' + client.secret):
basic-request
1
GET /Patient
2
Accept: text/yaml
3
Authorization: Basic YmFzaWM6c2VjcmV0Cg==
Copied!
Example with curl:
1
curl -u basic:secret https://yourbox/Patient
2
curl -H 'Authorization: Basic YmFzaWM6c2VjcmV0Cg==' https://yourbox/Patient
Copied!
Most HTTP clients will do Authorization header construction for you:
js-example
1
axios.get('<box>/Patient', {
2
auth: {
3
username: client.id,
4
password: client.secret
5
}
6
}).then(function(response) {
7
console.log('Authenticated');
8
}).catch(function(error) {
9
console.log('Error on Authentication');
10
});
11
​
12
// or you can always do it by manualy set headers
13
fetch('<box>/Patient', {
14
headers: {"Authorization": 'Basic ' + btoa(client.id + ':' + client.secret)}
15
}).then(resp) { ... }
16
​
Copied!

Test Basic in Auth Sandbox

​
Last modified 2mo ago