Credentials are used to authenticate with Core LRS from systems which use HTTP Basic Authentication, which takes the form of a Username and Password. Credentials offer administrators control over both their longevity and permissions allowing fine grained control over their usage within the account.
Core LRS supports two methods of authentication to secure access to the API. In addition to Credentials, Keys can also be used to authenticate using a Shared Key.
Credentials are managed from within the ‘Credentials’ section of the Portal. Unlike Keys, any number of Credentials can be created offering administrators greater flexibility over their distribution and usage.
To create a new Credential:
Click ‘Add New’
Choose a Username for the Credential
Set an Expiry Date and Permission for the Credential
Copy the generated password displayed, since it will be shown only once
Each credential can have one of the following permissions:
Read: The credential can only be used to read data
Write: The credential can only be used to write data
All: The credential can be used to read and write data
Existing credentials can also be edited and deleted from within the Portal. Since it’s not possible to change the username of an existing credential, a new one should be created to replace it if required.
Credentials can be used to authenticate API requests using the HTTP Basic Authentication method.
Most languages will have libraries which can help with Basic Authentication, however it could also be handled manually as follows:
The username and password should be combined with a single colon (:)
The combined string should be Base64 encoded
The authorization header should then be set with “Basic” followed by a space character, then the Base64 string
For example, if the username is ‘Bob’ and the password is ‘password’:
Base64(“Bob:password”) = “Qm9iOnBhc3N3b3Jk”
Authorization: Basic Qm9iOnBhc3N3b3Jk