Authenticating
There are 2 ways to authenticate your API call with the integration hub.
- Provide as a query parameter
- Provide as HTTP Basic Authentication
3.1. Provide as query parameter
With this approach the token is passed as a query parameter in the url. This is the simplest and preferred mechanism for passing the token.
For example, calling the ‘echo’ service, you provided the token using the ‘token’ query parameter.
https://hubuat1.supplystream.com/hub/api/echo/v1/hello?token=2kyzudtawuxn1aqbdz31j0aovsmx55u11oidu1
3.2. Provide using HTTP Basic Authentication
With this approach the token is passed as the ‘password’ as if the client is authenticating using HTTP Basic authentication using the Authorization HTTP header. The server will ignore the username part of the header and evaluate the password as the token.
3.3. Failing Authentication
If the token is not provided or the provided token is invalid, the server will respond with return code for 401 and text ‘Access denied for this resource’
If the client fails to authenticate more than 4 times in any 60 second window, the client IP address is temporarily banned from further authentication attempts for 1 minute. In this event the client will receive the return code 503 and the text ‘EXCEEDED BAD REQUESTS’