{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Product Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • Developer Portal (Integrated)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Analytics
    • Events
    • Hybrid
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • General /
avatar image
0
Question by sairam b · Apr 21, 2017 at 09:58 AM · 2.4k Views authenticationbasic authweb application security

How to include user name and password before I call a secured(basic authentication) web service

Hi team,

I am new to APIGEE, I need to call a web service which is secured with basic authentication,

I need to pass user name and password of that service so that request will be authenticated successfully.

Could you please let me know where should I pass credentials.

Many thanks

,

Comment
Add comment Show 1
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image sairam b · Apr 21, 2017 at 10:02 AM 0
Link
@Birute Awasthi

any pointers on this ??

Close

2 Answers

  • Sort: 
avatar image
1

Answer by Siddharth Barahalikar   · Apr 21, 2017 at 12:03 PM

Hi @sairam b, there are multiple approaches to achieve this,

For testing purpose, you can use Postman client where you can enter username & password.

Withing Apigee, what I usually do is,

  • First convert your username and password to Base64 string
  • Simply use an Assign Message policy with Set >> Headers
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-1">
    <DisplayName>Assign Message-1</DisplayName>
    <Set>
        <Headers>
            <Header name="Authorization">Basic <base64 string></Header>
        </Headers>
    </Set>
    
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>

Let me know if it worked.

Comment
Add comment Show 1 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image ramakrishna.mangi · Jul 04, 2017 at 08:22 AM 0
Link

@Barahalikar Siddharth . I followed above steps shared by you. But I am getting below error.

20003 Your AccountSid or AuthToken was incorrect. Authentication Error - No credentials provided https://www.twilio.com/docs/errors/20003> 401

I have used postman client and attached is screenshot for your reference. Request you to please help here.

screenshot.png

screenshot.png (52.4 kB)
avatar image
1

Answer by Dino   · Apr 21, 2017 at 11:17 PM

Assuming you have the username and password stored *somewhere*, What I would do is use the BasicAuthentication policy, and encode the header. like this:

<BasicAuthentication name="ApplyBasicAuthHeader">
   <DisplayName>ApplyBasicAuthHeader</DisplayName>
   <Operation>Encode</Operation>
   <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
   <User ref="BasicAuth.credentials.username" />
   <Password ref="BasicAuth.credentials.password" />
   <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>

Attach that policy into the target request flow. The outbound request will carry the credentials.

Comment
Add comment Show 5 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image ramakrishna.mangi · Jul 04, 2017 at 09:23 AM 0
Link

@Dino , as per your above comment "Assuming you have the username and password stored *somewhere*" . Could you please let m eknow where we can store username and password.

Can we store inside APIs-> Environment configuration->KVM or in some other place?

avatar image Anil Sagar @ Google ♦♦ ramakrishna.mangi   · Jul 04, 2017 at 09:37 AM 0
Link

If you would like to store in Apigee, I suggest Encrypted KVM.

avatar image ramakrishna.mangi Anil Sagar @ Google ♦♦ · Jul 04, 2017 at 10:09 AM 0
Link

@Anil Sagar Thansk for quick response. I encrypted Account SID and Auth Token in KVM. and used basic auth policy in target end point pre flow as below.

and while sending request i used header Authorization:Basic XXXX.BUt i am getting below error message.

{ "fault": { "faultstring": "Unresolved variable : BasicAuth.credentials.Account SID", "detail": { "errorcode": "steps.basicauthentication.UnresolvedVariable" } } }

Request you to help me here

target-end-point-pre-flow.png (23.7 kB)
Show more comments

Follow this Question

Answers Answers and Comments

41 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

Defining global variables / keys - access token and customer ID 1 Answer

OAuthV2 policy throwing error Invalid client identifier error if the policy is placed after a servicecalloutpolicy 1 Answer

​Invoking an api that requires windows authentication 2 Answers

Secure an API with OAuth tutorial: Failed to connect, timeout 1 Answer

Facebook authentication Using Google cloud API endpoints returning 401 error (Unauthorized) 0 Answers

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2019 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Product Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • Developer Portal (Integrated)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Analytics
  • Events
  • Hybrid
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Members
  • Badges