Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

There are cases where a web server only exists to serve a limited range of clients. Whitelisted IPs provides a way to note which IP addresses are permitted to make API requests. If there are no IPs whitelisted then all IPs are permitted. This does not by-pass authentication (i.e., this is not the same as a non-authenticated URL). All requests will still need to be authenticated, assuming authentication is enabled.

Authentication Failures

The default SRP HTTP Framework authentication logic performs two types checks, which are described below.

401 Unauthorized Request

Any request that fails to authenticate itself properly will automatically be rejected with a response like this:

No Format
Status: 401 Unauthorized (RFC 7235) Access-Control-Allow-Origin: * Content-Type: application/problem+json Content-Length: 113 { "type":"about:blank", "title":"Unauthorized (RFC 7235)", "status":401, "instance":"http://127.0.0.1/api/customers" }

No Format

Status: 401 Unauthorized (RFC 7235)
Access-Control-Allow-Origin: *
Content-Type: application/problem+json
Content-Length: 113

{
   "type":"about:blank",
   "title":"Unauthorized (RFC 7235)",
   "status":401,
   "instance":"http://127.0.0.1/api/customers"
}

Content

Space Tools

Versions Compared

Old Version 17

New Version 18

Key

Authentication Failures

401 Unauthorized Request