2.2. HTTP Authentication
Any user with a Red Hat Enterprise Virtualization account has access to the REST API. An API user submits a mandatory Red Hat Enterprise Virtualization Manager user name and password with all requests to the API. Each request uses HTTP Basic Authentication  to encode these credentials. If a request does not include an appropriate
Authorizationheader, the API sends a
401 Authorization Requiredas a result:
Example 2.1. Access to the REST API without appropriate credentials
HEAD [base] HTTP/1.1 Host: [host] HTTP/1.1 401 Authorization Required
Request are issued with an
Authorizationheader for the specified realm. An API user encodes an appropriate Red Hat Enterprise Virtualization Manager domain and user in the supplied credentials with the
The following table shows the process for encoding credentials in base64.
Table 2.1. Encoding credentials for API access
|base64 encoded credentials||cmhldm1hZG1pbkBibGFjay5xdW1yYW5ldC5jb206MTIzNDU2|
An API user provides the base64 encoded credentials as shown:
Example 2.2. Access to the REST API with appropriate credentials
HEAD [base] HTTP/1.1 Host: [host] Authorization: Basic cmhldm1hZG1pbkBibGFjay5xdW1yYW5ldC5jb206MTIzNDU2 HTTP/1.1 200 OK ...
Basic authentication involves potentially sensitive information, such as passwords, sent as plain text. REST API requires Hypertext Transfer Protocol Secure (HTTPS) for transport-level encryption of plain-text requests.
Some base64 libraries break the result into multiple lines and terminate each line with a newline character. This breaks the header and causes a faulty request. The Authorization header requires the encoded credentials on a single line within the header.