Security and Permissions
Using API keys
The key must be passed in the
Authorization header on every API request. For example:
curl -v -H "Authorization: auBy4eDWrKWsyhiDp3AQiw" ...
API keys are managed using the API key endpoint.
Using Username and Password
curl -v -u myuser:mypwd ...
The actual user record will be created on the first successful authentication attempt.
After that, it can be managed as usual, by using the User API endpoint.
Username/password authentication uses an LDAP/Active Directory realm. Check
Configuration document for details.
Credentials (secrets) are managed using the user interface or the
secret API endpoint.