auth Action

The auth action implements HTTP Basic authentication between the client and FLAT. It is useful to protect APIs under development.


An auth action contains a list of user elements which have the following attributes:

  • pass="..." to define a password (required, must not be empty)

  • name="..." to define a username (optional, defaults to the empty string)


If the client has not sent authentication credentials, a 401 Authentication Required status is returned and the flow is halted. In a subsequent request with credentials matching a configured user, the action does not halt the flow.

📎 Basic authentication does not provide strong protection, as no encryption is used. You should only use it on HTTPS connections.


<user pass="top secret" />
<user name="fred" pass="wilma" />
<!-- repeated user is ignored -->
<user name="fred" pass="betty" />

📎 Only the first match is evaluated if user names are repeated.


The following cases are considered fatal and will terminate the request:

  • the action has no user element

  • a user has no pass attribute