Authentication

From services.krediidiinfo.ee
Revision as of 11:44, 15 June 2012 by Kart (talk | contribs) (Created page with "In Krediidiinfo web services authentication takes place in two ways, which are described below: * Basic Authentication The server responds to the request with the 401 "Authe...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

In Krediidiinfo web services authentication takes place in two ways, which are described below:

  • Basic Authentication

The server responds to the request with the 401 "Authentication Required" header code, to notify the user that authentication is required. The client application must answer with the user name and password. If the user name and password are correct, and the user has the permission to make the request, the corresponding web service answer will be returned. More information on this protocol is available at http://en.wikipedia.org/wiki/Basic_access_authentication. For the developers, we have provided an example of HTTP header.


  • Certificate

For certificate-based authentication, Krediidiinfo issues a certificate (crt) for the client. The client may create a certificate signing request (csr). After receiving a request, the server asks the client for a valid certificate. More information about this protocol is available at http://www.modssl.org/docs/2.8/ssl_intro.html


Browser-based authentication

If the report is requested in a browser window, the user is first asked for the authentication certificate. If no certificate is provided, the next step is to ask the user for a user name and password according to the Basic Authentication method.