Authenticating namespace access

Content Platform Tenant Management Help

Version
9.7.x
File Size
4269 KB
Audience
anonymous
Part Number
MK-95HCPH002-19

If a namespace requires authenticated client access, you need to pass a username and password in every REST API request. If a namespace does not require authenticated client access, you can optionally pass a username and password in a REST API request or you can omit them to access the namespace anonymously.

Note: If the namespace you are trying to access is configured to support Active Directory (AD) single sign-on, anonymous access requests to that namespace or objects in that namespace will fail.

To access the namespace as an authenticated user, you need a user account that’s defined in HCP. If HCP is configured to support Active Directory® (AD), applications can also use an AD user account that HCP recognizes to access a namespace through the REST API.

HCP also accepts AD authentication provided through the SPNEGO protocol or through the AD authentication header. For more information about SPNEGO, see http://tools.ietf.org/html/rfc4559.

If you specify a username in a REST API request, that username must identify a user account that has the permissions needed to perform the requested operation.

Regardless of whether the namespace requires client authentication, if you provide credentials in a REST API request, they must be valid. If you provide invalid credentials, HCP responds with an HTTP 403 (Forbidden) error code.

To provide credentials in a REST API request, you specify an authentication token in an HTTP Authorization request header.

HCP also accepts credentials provided in an hcp-ns-auth cookie. However, this method of providing credentials is being deprecated and should not be used in new applications. If you use both an Authorization header and an hcp-ns-auth cookie, HCP uses the header for authentication and ignores the cookie.