auth action implements HTTP Basic authentication between the client and FLAT. It is useful to protect APIs under development.
auth action contains a list of
user elements which have the following attributes:
pass="..." to define a password (required, must not be empty)
name="..." to define a username (optional, defaults to the empty string)
If the client has not sent authentication credentials, a
401 Authentication Required status is returned and the flow is halted. In a subsequent request with credentials matching a configured user, the action does not halt the flow.
📎 Basic authentication does not provide strong protection, as no encryption is used. You should only use it on HTTPS connections.
<auth><user pass="top secret" /><user name="fred" pass="wilma" /><!-- repeated user is ignored --><user name="fred" pass="betty" /></auth>
📎 Only the first match is evaluated if user names are repeated.
The following cases are considered fatal and will terminate the request:
the action has no
user has no