Basic Authentication – Simple
Basic authentication is a simple and the most widely used authentication mechanism in HTTP-based services and APIs. The client sends HTTP requests with an Authorization header that contains the word Basic followed by a space and the base64-encoded string username:password.
For example, to authorize as username/password the client would send the following HTTP header:
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
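The header format above, as an added example (not part of the original post and not MuleSoft's policy code): a Python sketch that decodes the header, which shows that base64 is an encoding and not encryption, and validates it the way a server-side check would. The expected credentials, the realm name and the error body are assumptions for illustration.

```python
import base64
import hmac

# Assumed values for illustration; they match the page's example header.
EXPECTED_USER = "username"
EXPECTED_PASSWORD = "password"
REALM = "basic-auth-sample"  # assumed realm name


def parse_basic_header(value):
    """Return (user, password) from an Authorization header value, or None if malformed."""
    if not value:
        return None
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Only the first colon separates the fields; a password may contain colons.
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def authorize(header_value):
    """Return (status, headers, body) as a gateway-style check would answer."""
    creds = parse_basic_header(header_value)
    if creds is not None:
        user, password = creds
        # Constant-time comparisons, both always evaluated.
        user_ok = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
        pass_ok = hmac.compare_digest(password.encode(), EXPECTED_PASSWORD.encode())
        if user_ok and pass_ok:
            return 200, {}, {"status": "ok"}
    # Same answer for missing, malformed and wrong credentials.
    challenge = {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
    return 401, challenge, {"error": "Authentication required"}


if __name__ == "__main__":
    header = "Basic dXNlcm5hbWU6cGFzc3dvcmQ="  # header value from the page
    print(parse_basic_header(header))
    print(authorize(header)[0], authorize(None)[0])
```

Because anyone who sees the header can decode it, Basic authentication should only be sent over HTTPS.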
MuleSoft already provides an OOTB Basic Authorization policy in API Manager, which can be assigned to any MuleSoft API to secure its endpoints.
To start with, we first create a sample project in Design Center.
Project – basic-auth-sample
RAML –
#%RAML 1.0
title: basic-auth-sample
version: 1.0.0
securitySchemes:
  basic:
    description: |
      This API supports Basic Authentication.
    type: Basic Authentication
/booking:
  get:
    securedBy: [basic]
    description: retrieve route list
    queryParameters:
      destination:
        type: string
        required: false
    responses:
      200:
        body:
          application/json:
Design Center
Now publish it to Exchange and API Manager
Exchange –
Provide the asset version
Exchange asset will be created
Now create an API Manager configuration
This will create the API Manager configuration for basic-auth-sample
Click Policies -> Apply New Policy -> Basic authentication – Simple policy
Provide the username and password and click apply
The policy will appear in the API policies list
Now create a Mule application in Anypoint Studio
Add API Auto Discovery configuration – more on API Auto Discovery
Deploy the project on CloudHub
The API Manager configuration should now show as active
Now if we test our API, it will throw a 401 Unauthorized error
Now we will use the same username and password which we configured in the Basic Auth policy
Now we can see the 200 success response
Design Center project – basic-auth-sample
Sample mule application – basic-auth-sample
Sample SOAP UI project – basic-auth-sample-soapui-project
Can we customise the error thrown when we are not providing a username and password in Postman or SoapUI?
Simply put, when we are providing username and password, it is throwing an in-built message –
{
"error": "Registered authentication is set to HTTP basic authentication but there was no security context on the session. Authentication denied on connector HTTP listener"
}
Now I want to customise this error to my own error format, which should be understandable to the end user.
Thank You
Hi,
You can write your custom policy which does the authentication and can set the custom response you want to return.
Thanks,
Mulesy Team