Authentication

The Claromentis REST interface supports two main types of authentication:

The PHP session

The PHP session identifier is passed with each request as a cookie. This is the authentication normally in use when the REST client is JavaScript running in a browser, for example the standard Claromentis web UI after the user has logged in through the login page. The session cookie is a bearer credential: whoever presents it acts as that user until the session ends, so it must only ever be sent over HTTPS.

HTTP-level authentication

Claromentis currently supports two HTTP authentication schemes: basic access authentication and digest access authentication. In both cases the credentials travel in the standard Authorization request header.

Basic access authentication

Basic access is the simplest scheme to implement because it needs no cookies, session identifiers, login pages or challenge-response handshakes: the client sends the user name and password in the Authorization request header with every request.

The credentials are only base64-encoded, not encrypted, so anyone who can read the request can recover the password with a single decode. Use basic authentication only over an HTTPS connection.

For more information about basic authentication, take a look at the Wikipedia article on it.

Digest access authentication

Digest access is similar to basic access in that the credentials are carried in the Authorization header, but the password itself is never sent. The server issues a nonce in a WWW-Authenticate challenge and the client replies with a hash (MD5 in the original scheme) computed over the user name, realm, password, nonce, request method and URI. This hides the password from a passive observer and ties the response to one request, but it does not protect the request or response body, so HTTPS is still recommended.

For more information about digest access, take a look at the Wikipedia article or this Stack Overflow answer.
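The two schemes above, shown from both sides of the connection as an added example (this is not Claromentis code): the client builds the Authorization header, the server checks it. The user store, the realm string and the single-use nonce table are assumptions made for the demonstration.

```python
"""Basic and Digest credentials: built on the client side, checked on the
server side.  Added example, not Claromentis code; the user store, realm
and nonce handling are assumptions made for the demonstration."""
import base64
import hashlib
import hmac
import re
import secrets
from typing import Dict, Optional

USERS = {"api.user": "s3cret-Pa55"}   # constructed credential store
REALM = "Claromentis"                 # assumed realm string
ISSUED_NONCES = set()                 # server side: nonces still valid


# ---- Basic -----------------------------------------------------------
def basic_header(user: str, password: str) -> str:
    """Client side. Base64 is an encoding, not encryption: anyone who sees
    this header can recover the password with one decode."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def check_basic(authorization: str) -> Optional[str]:
    """Server side: returns the authenticated user name or None."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "Basic":
        return None
    try:
        user, _, password = base64.b64decode(token).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = USERS.get(user)
    # constant-time compare so timing does not leak how much matched
    if expected is not None and hmac.compare_digest(expected, password):
        return user
    return None


# ---- Digest (algorithm=MD5, qop=auth) ---------------------------------
def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def _params(header: str) -> Dict[str, str]:
    """Split 'Scheme k="v", k=v, ...' into a dict (quotes removed)."""
    return {k: v.strip('"') for k, v in
            re.findall(r'(\w+)=("[^"]*"|[^,]+)', header.partition(" ")[2])}


def digest_challenge() -> str:
    """Server side: the 401 response carries a fresh, single-use nonce."""
    nonce = secrets.token_hex(16)
    ISSUED_NONCES.add(nonce)
    return f'Digest realm="{REALM}", qop="auth", algorithm=MD5, nonce="{nonce}"'


def _response(user, password, realm, method, uri, nonce, nc, cnonce) -> str:
    """response = MD5(HA1 : nonce : nc : cnonce : qop : HA2); the password
    never leaves the client, only this hash does."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def digest_header(user, password, method, uri, challenge, nc="00000001") -> str:
    """Client side: answer a WWW-Authenticate challenge for one request."""
    p = _params(challenge)
    cnonce = secrets.token_hex(8)
    resp = _response(user, password, p["realm"], method, uri, p["nonce"], nc, cnonce)
    return (f'Digest username="{user}", realm="{p["realm"]}", nonce="{p["nonce"]}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


def check_digest(authorization: str, method: str, uri: str) -> Optional[str]:
    """Server side: recompute from the stored password.  Method and URI are
    taken from the actual request, so a captured header cannot be replayed
    against a different resource, and each nonce is accepted once."""
    if not authorization.startswith("Digest "):
        return None
    p = _params(authorization)
    needed = {"username", "realm", "nonce", "uri", "nc", "cnonce", "response"}
    if not needed.issubset(p) or p["realm"] != REALM or p["uri"] != uri:
        return None
    if p["nonce"] not in ISSUED_NONCES:           # unknown or already used
        return None
    password = USERS.get(p["username"])
    if password is None:
        return None
    expected = _response(p["username"], password, REALM, method, uri,
                         p["nonce"], p["nc"], p["cnonce"])
    if not hmac.compare_digest(expected, p["response"]):
        return None
    ISSUED_NONCES.discard(p["nonce"])              # one nonce, one request
    return p["username"]
```

Note that the server side of the digest check needs the clear-text password (or the precomputed HA1 hash) to recompute the response, and that with Basic the server receives the password directly; neither scheme removes the need for HTTPS, it only changes what a passive observer can learn.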

Combining HTTP authentication and the PHP Session

Each request authenticated with Basic or Digest credentials also returns a Set-Cookie header carrying the PHP session cookie. If the client stores this cookie and sends it with subsequent requests, the same PHP session is used and those requests succeed without repeating the HTTP authentication. Treat the stored cookie with the same care as the credentials: it grants the same access for as long as the session lives, and it should only be sent over HTTPS.
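The hand-off from HTTP authentication to the session cookie, as an added example with a simulated server (not Claromentis code): the first request carries Basic credentials and receives Set-Cookie, the second carries only the cookie. The cookie name PHPSESSID is PHP's default and an assumption about the deployment; the credentials and cookie attributes are constructed for the example.

```python
"""One HTTP-authenticated request, then reuse of the PHP session cookie.
Added example with a simulated server; constructed credentials, not
Claromentis code.  PHPSESSID is PHP's default cookie name and an
assumption about the deployment."""
import base64
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Dict, Tuple

USERS = {"api.user": "s3cret-Pa55"}      # constructed
SESSIONS: Dict[str, str] = {}             # server side: session id -> user


def fake_server(headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Simulated endpoint: accept a live session cookie, else require Basic."""
    jar = SimpleCookie(headers.get("Cookie", ""))
    if "PHPSESSID" in jar and jar["PHPSESSID"].value in SESSIONS:
        return 200, {}
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            user, pw = "", ""
        if user in USERS and hmac.compare_digest(USERS[user], pw):
            sid = secrets.token_urlsafe(24)          # unguessable session id
            SESSIONS[sid] = user
            return 200, {"Set-Cookie":
                         f"PHPSESSID={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"}
    return 401, {"WWW-Authenticate": 'Basic realm="Claromentis"'}


class RestClient:
    """Sends credentials once, then presents only the session cookie."""

    def __init__(self, user: str, password: str):
        self._auth = "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
        self._jar = SimpleCookie()

    def cookie_header(self) -> str:
        return "; ".join(f"{k}={m.value}" for k, m in self._jar.items())

    def request(self) -> int:
        headers = {}
        if self._jar:
            headers["Cookie"] = self.cookie_header()    # session replaces credentials
        else:
            headers["Authorization"] = self._auth
        status, resp = fake_server(headers)
        if "Set-Cookie" in resp:
            self._jar.load(resp["Set-Cookie"])
            # The session id is a bearer credential: keep it only if the
            # server marked it Secure, so it can never travel over plain http.
            if not self._jar["PHPSESSID"]["secure"]:
                self._jar.clear()
        return status


def demo() -> Tuple[int, int, int, str]:
    c = RestClient("api.user", "s3cret-Pa55")
    first = c.request()                 # Basic auth, receives Set-Cookie
    second = c.request()                # cookie only, no Authorization header
    anon = fake_server({})[0]           # neither: rejected with 401
    return first, second, anon, c.cookie_header()
```

In a real client the same effect is obtained by keeping one HTTP session object (a cookie jar) across calls; the point of the example is that after the first exchange the Authorization header is no longer needed, and that the cookie now carries the same authority the credentials did.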