Security and Authentication
MiaRec REST API requests are secured by the following methods:
- Authentication
  Every request must be authenticated before it is processed. A valid user name and password should be provided in the HTTP Basic Authentication header. The user should be a valid user, pre-configured in MiaRec through the web-based graphical interface. Requests without authentication are rejected with a 401 Unauthorized error response.
- Encryption
  When accessing the MiaRec REST API over public networks, it is highly recommended to use Hypertext Transfer Protocol Secure (HTTPS) for communication between the client application and the MiaRec REST API, so that user names, passwords and contents are protected from snooping.
- Role-based permissions
  An administrator must configure which resources/operations are accessible by users. When an API request is sent and the appropriate permission is not enabled for the requesting user, an error response is returned with status code 403 Access is denied.
Users and their permissions are configured through the web-based graphical interface.
Example of authentication using curl:
curl -u {login}:{password} https://{your-miarec-server}/api/v2/users.json
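
The three mechanisms above combined in a client, as an added example that is not part of the MiaRec documentation: it refuses to send Basic credentials to a non-HTTPS URL and distinguishes a 401 (bad credentials) from a 403 (missing permission). The function names, the exception class and the MIAREC_* environment variable names are assumptions made for this illustration.

```python
import base64
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class MiaRecAuthError(Exception):
    """Raised for 401/403 responses, with the cause spelled out."""


def build_request(base_url, login, password, path="/api/v2/users.json"):
    """Return a Request carrying HTTP Basic credentials, HTTPS only."""
    parts = urlsplit(base_url)
    # Basic auth is only base64-encoded, not encrypted: refuse cleartext HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("refusing to send Basic credentials to a non-HTTPS URL")
    token = base64.b64encode(f"{login}:{password}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(f"https://{parts.netloc}{path}")
    req.add_header("Authorization", f"Basic {token}")
    return req


def explain_status(status):
    """Map the status codes described above to their meaning."""
    if status == 401:
        return "authentication failed: missing or invalid user name/password"
    if status == 403:
        return "authenticated, but the user lacks permission for this resource"
    return None


def fetch_users(base_url, login, password):
    """Fetch the users resource; raise MiaRecAuthError on 401/403."""
    req = build_request(base_url, login, password)
    try:
        # urllib verifies the server certificate by default for https URLs.
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        reason = explain_status(err.code)
        if reason:
            raise MiaRecAuthError(f"{err.code}: {reason}") from err
        raise


if __name__ == "__main__":
    # Assumed variable names; keeps the password off the command line.
    body = fetch_users(os.environ["MIAREC_URL"], os.environ["MIAREC_LOGIN"],
                       os.environ["MIAREC_PASSWORD"])
    print(body.decode("utf-8"))
```

Reading the password from the environment, rather than passing it as a command-line argument, keeps it out of shell history and the process list.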