
As noted more than once, HTTP_Authentication_Services is the core routine that handles authentication into the API. However, authentication is different from authorization (even though HTTP Basic Authentication uses the Authorization request header field), and this distinction is important when building access to the API. Authentication normally means the user’s credentials are valid. However, this does not guarantee that the user has sufficient privileges to access (or modify) the requested resource. This is where authorization comes in. A failure in either authentication or authorization can return a 401 (Unauthorized) status code, but a failed authorization might instead return a 403 (Forbidden) status code.
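The split between the two checks can be shown with a small Python handler. This is an added example, not the code of HTTP_Authentication_Services or any part of the framework; the account table, function names, realm value, and the choice to answer a failed authorization with 403 are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac

def derive_key(password, salt):
    """Slow salted hash so stored credentials are not plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample accounts: credentials plus the (method, resource) pairs granted.
USERS = {
    "alice": {"salt": b"salt-a", "key": derive_key("correct horse", b"salt-a"),
              "grants": {("GET", "/contacts"), ("PUT", "/contacts")}},
    "bob": {"salt": b"salt-b", "key": derive_key("battery staple", b"salt-b"),
            "grants": {("GET", "/contacts")}},
}
DUMMY = {"salt": b"salt-x", "key": bytes(32)}  # keeps timing similar for unknown users
CHALLENGE = {"WWW-Authenticate": 'Basic realm="api", charset="UTF-8"'}

def basic_header(user, password):
    """Build the Authorization header a client would send (helper for trying it out)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

def authenticate(headers):
    """Authentication: return the user name if the credentials are valid, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    record = USERS.get(user, DUMMY)
    match = hmac.compare_digest(derive_key(password, record["salt"]), record["key"])
    return user if sep and match and user in USERS else None

def authorize(user, method, resource):
    """Authorization: may this already-authenticated user do this to this resource?"""
    return (method, resource) in USERS[user]["grants"]

def handle(method, resource, headers):
    user = authenticate(headers)
    if user is None:
        return 401, CHALLENGE  # identity not established: challenge for credentials
    if not authorize(user, method, resource):
        return 403, {}  # identity known, privilege missing: re-sending credentials won't help
    return 200, {}
```

The 401 response carries a WWW-Authenticate challenge because the client can fix it by supplying valid credentials; the 403 response does not, because the credentials were already accepted.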
