Basic authentication
Last updated
Last updated
Basic authentication is the simplest (though not the strongest) method for authenticating API requests.
With basic authentication, a username and password are sent in the HTTP header of each API request, to authenticate a client application (in this case, Patchworks) and grant access to the associated resource.
Be aware that username and password are just labels for two pieces of information that must be provided in the header to authenticate API requests with basic authentication.
Some third-party applications WILL look for a username and password but others may require something else - for example, application id and API key. This is fine - it’s still basic authentication - we just need to configure basic authentication variables to use different display labels.
Here's how basic authentication works:
The client-server (i.e. Patchworks) sends an API request to the required third-party application server (e.g. Shopify). The request includes username and password authentication credentials in the HTTP header of the request, encoded in Base64 format.
Upon receipt of the request, the third-party application server extracts authentication credentials from the header. It then validates these credentials by comparing them with the stored user credentials in its own system/database.
If the credentials provided are valid, the third-party application server grants access to the requested resource. If the credentials are invalid or missing, the third-party application server denies access and returns an appropriate error response.
If you'd like more detailed information about how token authentication works, there's some great background information on the Postman website.
When a Patchworks user adds an instance of a connector and chooses to authenticate with basic authentication, they will see something similar to the example below:
It can be useful to compare how existing connectors have been configured for token-based authentication. The Patchworks marketplace includes many connectors that are configured to use this authentication type - a few examples are linked below:
You can install any of these for comparison.