2.2. HTTP Authentication

Any user with a Red Hat Virtualization account has access to the REST API. An API user submits a mandatory Red Hat Virtualization Manager user name and password with all requests to the API. Each request uses HTTP Basic Authentication [2] to encode these credentials. If a request does not include an appropriate Authorization header, the API sends a 401 Authorization Required as a result:

Example 2.1. Access to the REST API without appropriate credentials

HEAD [base] HTTP/1.1
Host: [host]

HTTP/1.1 401 Authorization Required
Request are issued with an Authorization header for the specified realm. An API user encodes an appropriate Red Hat Virtualization Manager domain and user in the supplied credentials with the username@domain:password convention.
The following table shows the process for encoding credentials in base64.

Table 2.1. Encoding credentials for API access

Item Value
username rhevmadmin
domain domain.example.com
password 123456
unencoded credentials rhevmadmin@domain.example.com:123456
base64 encoded credentials cmhldm1hZG1pbkBibGFjay5xdW1yYW5ldC5jb206MTIzNDU2
An API user provides the base64 encoded credentials as shown:

Example 2.2. Access to the REST API with appropriate credentials

HEAD [base] HTTP/1.1
Host: [host]
Authorization: Basic cmhldm1hZG1pbkBibGFjay5xdW1yYW5ldC5jb206MTIzNDU2

HTTP/1.1 200 OK
...

Important

Basic authentication involves potentially sensitive information, such as passwords, sent as plain text. REST API requires Hypertext Transfer Protocol Secure (HTTPS) for transport-level encryption of plain-text requests.

Important

Some base64 libraries break the result into multiple lines and terminate each line with a newline character. This breaks the header and causes a faulty request. The Authorization header requires the encoded credentials on a single line within the header.