How to configure Basic Auth flow

Access Aidbox API from your Service

The simplest way to programmatically interact with Aidbox API is to use Basic Access Authentication. In this scheme you provide client credentials with every HTTP request in the special header - Authorization: Basic <credentials>, where <credentials> is the base64 encoding of Client.id and Client.secret joined by a colon:

GET /Patient
Accept: text/yaml
Authorization: Basic {base64(Client.id + ':' + Client.secret)}

Easy way

The easiest way to test Basic Auth is to run through the Aidbox Sandbox UI (Auth -> Sandbox -> Basic Auth).

Register Client

The first step is to create resource Client with id & secret and add 'basic' to it's grant_types collection:

POST /fhir/Client
Accept: text/yaml
Content-Type: text/yaml

id: basic
secret: secret
grant_types:
  - basic

By default, your client does not have any permissions to access Aidbox REST API. So you probably want to configure some using Aidbox Access Policy. Access Policy can be linked to the specific client by providing the reference to clients in link collection. For more sophisticated configuration, see Access Policies documentation.

POST /fhir/AccessPolicy
Accept: text/yaml
Content-Type: text/yaml

id: api-clients
engine: allow # which means it has permisions for everything
description: Root access to specific clients
link:
  # link policy with client
  - reference: Client/basic

Making Requests with Basic Auth

Now you can make HTTP requests with Authorization header set to 'Basic ' + base64(client.id +':' + client.secret):

basic-request

GET /fhir/Patient
Accept: text/yaml
Authorization: Basic YmFzaWM6c2VjcmV0Cg==

Example with curl:

curl -u basic:secret https://yourbox/Patient
curl -H 'Authorization: Basic YmFzaWM6c2VjcmV0Cg==' https://yourbox/Patient

Most HTTP clients will do Authorization header construction for you:

js-example

axios.get('<box>/Patient', {
  auth: {
    username: client.id,
    password: client.secret
  }
}).then(function(response) {
   console.log('Authenticated');
}).catch(function(error) {
   console.log('Error on Authentication');
});

// or you can always do it by manualy set headers
fetch('<box>/Patient', {
   headers: {"Authorization": 'Basic ' + btoa(client.id + ':' + client.secret)}
}).then(resp) { ... }

PreviousAccessPolicy best practices NextHow to configure Authorization Code Grant

Last updated 21 days ago

Was this helpful?

POST /fhir/AccessPolicy Accept: text/yaml Content-Type: text/yaml id: api-clients engine: allow # which means it has permisions for everything description: Root access to specific clients link: # link policy with client - reference: Client/basic

axios.get('<box>/Patient', { auth: { username: client.id, password: client.secret } }).then(function(response) { console.log('Authenticated'); }).catch(function(error) { console.log('Error on Authentication'); }); // or you can always do it by manualy set headers fetch('<box>/Patient', { headers: {"Authorization": 'Basic ' + btoa(client.id + ':' + client.secret)} }).then(resp) { ... }