How to access correctly with Basic Auth?

Not applicable

Where can I add credentials into request to access endpoint by Basic Auth?

To access a data endpoint, I have created an API Gateway.
Now I need to know how to tell Apigee to provide authorization as Basic Header in my request?
The endpoint is secured by htaccess.

I have created a 'Basic-Authentication-1' and put it into "Proxy Endpoint" Pre Flow and PostFlow as well as into "Target Endpoints" in PreFlow and PostFlow.
But this does not work. I get an error 500.

Moreover, I have deleted 'Basic-Authentication-2' several times, but it still appears again.

3 REPLIES

1) Check if your BasicAuthentication policy looks similar to this one

<BasicAuthentication name="ApplyBasicAuthHeader">
   <DisplayName>ApplyBasicAuthHeader</DisplayName>
   <Operation>Encode</Operation>
   <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
   <User>mysecureuser</User>
   <Password>mysecurepass</Password>
   <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>

The username and password are hardcoded here just to get this demo working. Ideally they would come from an encrypted KVM to ensure their safety.

2) Add this policy to PreFlow of TargetEndpoint. It can be added to any phase in the request but PreFlow of TargetEndpoint would be a good place for this one.

3) From "Project" drop down click on "Save as New Revision"

4) From "Deployment" drop down click on the environment you want to deploy this to (test probably)

5) Jump to "TRACE", turn on trace for the environment

6) Make a request to the API. Ensure your request (from client) does not have an "Authorization" header. (If so, it needs to be stripped off - Refer AssignMessage policy)

7) Verify if the request to the backend has an Authorization header
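
Added example, not part of the original reply and not Apigee's own sample: the Encode policy from step 1 with the hardcoded credentials replaced by values read from an encrypted KVM, as the reply recommends. The map name `backend-credentials`, its keys `username` and `password`, the policy names and the `private.backend.*` variable names are assumptions; the encrypted KVM must already exist in the target environment.

```xml
<!-- Policy 1 (assumed name): read the backend credentials from an encrypted KVM.
     Values from an encrypted KVM must be assigned to variables with the
     "private." prefix, which also keeps them masked in Trace. -->
<KeyValueMapOperations name="KVM-GetBackendCreds" mapIdentifier="backend-credentials">
   <Scope>environment</Scope>
   <Get assignTo="private.backend.username">
      <Key><Parameter>username</Parameter></Key>
   </Get>
   <Get assignTo="private.backend.password">
      <Key><Parameter>password</Parameter></Key>
   </Get>
</KeyValueMapOperations>

<!-- Policy 2 (assumed name): build "Authorization: Basic base64(user:pass)"
     from the private variables instead of literals in the proxy bundle.
     IgnoreUnresolvedVariables=false makes the policy fail if the KVM lookup
     returned nothing, rather than sending an empty credential. -->
<BasicAuthentication name="BA-EncodeBackendCreds">
   <DisplayName>BA-EncodeBackendCreds</DisplayName>
   <Operation>Encode</Operation>
   <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
   <User ref="private.backend.username"/>
   <Password ref="private.backend.password"/>
   <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>

<!-- TargetEndpoint PreFlow fragment: the KVM lookup must run before the Encode step. -->
<PreFlow name="PreFlow">
   <Request>
      <Step><Name>KVM-GetBackendCreds</Name></Step>
      <Step><Name>BA-EncodeBackendCreds</Name></Step>
   </Request>
   <Response/>
</PreFlow>
```

Steps 6 and 7 above still apply: the client request should not carry its own Authorization header, and Trace should show the header on the request sent to the backend.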

@Madhan Sadasivam Thank you, I've made a test like this:

a) Create an API to endpoint

http://httpbin.org/basic-auth/user/passwd

b) Call the created API with API Console tool or with Postman: the result is an error (this was expected)

c) In development tab: click on "Proxy Endpoint" / "Pre Flow": create "Basic Auth" and save it.

<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1">
    <DisplayName>Basic Authentication-1</DisplayName>
    <Operation>Decode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User name="userName" ref="request.header.username"/>
    <Password name="password" ref="request.header.password"/>
    <Source>request.header.Authorization</Source>
</BasicAuthentication>

d) Test again with API Console or with Postman. Select "Basic Auth" and use the credentials provided by httpbin: the result is OK.

Conclusion: As far as I understand now, I have to use "Decode" for Proxy Endpoint and "Encode" for Real Endpoint? A second authentication policy for „Encode“ is not necessary in this case?

Not applicable

Typically you pass the base64 encoded value of username:password within the Authorization header with prefix as "Basic". For example Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==