All Fluid Topics web services that return protected data require the caller to enter credentials. If credentials are not provided, Fluid Topics returns a 401 UNAUTHORIZED error code.
Callers can authenticate by entering an API key in the request's HTTP header. This method is based on bearer authentication.
Only ADMIN users can generate and distribute API keys. Users who do not have the ADMIN role must contact someone who does to request an API key.
- Fluid Topics encodes API keys to base64.
- Fluid Topics supports both prefixed and unprefixed authentication headers.
The following example shows how to enter an API key in the header of a call:
Authorization: Bearer QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Where QWxhZGRpbjpvcGVuIHNlc2FtZQ== is the API key as shown in the API keys administration interface for the user calling the web service.
While it is possible to authenticate using basic access authentication, this document purposely only explains how to use bearer authentication. Indeed, bearer authentication offers advantages that basic access authentication does not.