Credentials are used to authenticate with Core LRS from systems which use HTTP Basic Authentication, which takes the form of a Username and Password. Credentials offer administrators control over both their longevity and permissions allowing fine grained control over their usage within the account.

Core LRS supports two methods of authentication to secure access to the API. In addition to Credentials, Keys can also be used to authenticate using a Shared Key.

Create Credentials

Credentials are managed from within the ‘Credentials’ section of the Portal. Unlike Keys, any number of Credentials can be created offering administrators greater flexibility over their distribution and usage.

To create a new Credential:

  1. Click ‘Add New’

  2. Choose a Username for the Credential

  3. Set an Expiry Date and Permission for the Credential

  4. Click ‘Create’

  5. Copy the generated password displayed, since it will be shown only once

Each credential can have one of the following permissions:

  • Read: The credential can only be used to read data

  • Write: The credential can only be used to write data

  • All: The credential can be used to read and write data

Existing credentials can also be edited and deleted from within the Portal. Since it’s not possible to change the username of an existing credential, a new one should be created to replace it if required.

Using Credentials

Credentials can be used to authenticate API requests using the HTTP Basic Authentication method.

Most languages will have libraries which can help with Basic Authentication, however it could also be handled manually as follows:

  1. The username and password should be combined with a single colon (:)

  2. The combined string should be Base64 encoded

  3. The authorization header should then be set with “Basic” followed by a space character, then the Base64 string

For example, if the username is ‘Bob’ and the password is ‘password’:

Base64(“Bob:password”) = “Qm9iOnBhc3N3b3Jk”

Authorization: Basic Qm9iOnBhc3N3b3Jk