Chapter 3. Authentication

An API user provides a valid Red Hat Enterprise Virtualization Manager username and password with all invocations on the API and uses HTTP Basic Authentication ^[1] to encode these credentials. If an invocation on the API does not include an appropriate Authorization header then the API sends a 401 Authorization Required as a result:

HEAD {base} HTTP/1.1
Host: {host}

HTTP/1.1 401 Authorization Required

Request are issued with an Authorization header for the specified realm. The Red Hat Enterprise Virtualization Manager domain and user should be encoded in the supplied credentials with the username@domain convention.

Example 3.1. Encoding authentication credentials

Type	Value
username	rhevmadmin
domain	domain.example.com
password	123456
unencoded credentials	rhevmadmin@domain.example.com:123456
base64 encoded credentials	cmhldm1hZG1pbkBibGFjay5xdW1yYW5ldC5jb206MTIzNDU2

We would encode the credentials as shown:

HEAD {base} HTTP/1.1
Host: {host}
Authorization: Basic cmhldm1hZG1pbkBibGFjay5xdW1yYW5ldC5jb206MTIzNDU2

HTTP/1.1 200 OK
...

Confidentiality

Basic authentication involves potentially sensistive information such as passwords being sent in plain text, hence it is recommended that confidentiality is ensured via transport-level encryption.

^[1] Basic Authentication is described in RFC 2617 HTTP Authentication: Basic and Digest Access Authentication.