Authorization for API calls

For authenticating API calls, Kloudfuse supports basic authorization, using local user and password credentials.

To configure local users, see Add Users.

Client side authorization

When sending authentication credentials to the server, we recommend that you configure the user agent to use an Authorization header field.

To construct the authorization header field, follow these steps:

  1. Combine the username and password using a colon, ::

    username:password (1)
    code
    1 The username cannot contain a colon

  2. Encode the resulting string into an octet sequence.

    Any character set works, if it is compatible with US-ASCII.

    The server may suggest using UTF-8 by sending the charset parameter.

  3. Encode the result using a variant of Base64 (+/ and with padding).

  4. Prepend hte authorization method and a space character (examle: "Basic ") to the encoded string.

Header encoding example

If the username is Aladdin and password is open sesame, the field’s value is the Base64 encoding of Aladdin:open sesame, or QWxhZGRpbjpvcGVuIHNlc2FtZQ==.

Then the Authorization header field appear as:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

'Basic ' + base64.b64encode(f"{<clientid>}:{<client secret key>}".encode()).decode()
code

Authorization for a single query Request

  1. When issuing a curl command, supply the <username> argument.

    curl -u <username> <rest of the command>

  2. The system prompts the user to enter the password, then processes the query.