Message-ID: <13795474.3740.1485855089024.JavaMail.confluence@ip-10-127-227-164>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related; 
	boundary="----=_Part_3739_979446878.1485855089024"

------=_Part_3739_979446878.1485855089024
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html

<html xmlns:o=3D'urn:schemas-microsoft-com:office:office'
      xmlns:w=3D'urn:schemas-microsoft-com:office:word'
      xmlns:v=3D'urn:schemas-microsoft-com:vml'
      xmlns=3D'urn:w3-org-ns:HTML'>
<head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8=
">
    <title>REST API Authentication</title>
    <!--[if gte mso 9]>
    <xml>
        <o:OfficeDocumentSettings>
            <o:TargetScreenSize>1024x640</o:TargetScreenSize>
            <o:PixelsPerInch>72</o:PixelsPerInch>
            <o:AllowPNG/>
        </o:OfficeDocumentSettings>
        <w:WordDocument>
            <w:View>Print</w:View>
            <w:Zoom>90</w:Zoom>
            <w:DoNotOptimizeForBrowser/>
        </w:WordDocument>
    </xml>
    <![endif]-->
    <style>
                <!--
        @page Section1 {
            size: 8.5in 11.0in;
            margin: 1.0in;
            mso-header-margin: .5in;
            mso-footer-margin: .5in;
            mso-paper-source: 0;
        }

        td {
            page-break-inside: avoid;
        }

        tr {
            page-break-after: avoid;
        }

        div.Section1 {
            page: Section1;
        }

        /* Confluence print stylesheet. Common to all themes for print medi=
a */
/* Full of !important until we improve batching for print CSS */

@media print {
    #main {
        padding-bottom: 1em !important; /* The default padding of 6em is to=
o much for printouts */
    }

    body {
        font-family: Arial, Helvetica, FreeSans, sans-serif;
        font-size: 10pt;
        line-height: 1.2;
    }

    body, #full-height-container, #main, #page, #content, .has-personal-sid=
ebar #content {
        background: #fff !important;
        color: #000 !important;
        border: 0 !important;
        width: 100% !important;
        height: auto !important;
        min-height: auto !important;
        margin: 0 !important;
        padding: 0 !important;
        display: block !important;
    }

    a, a:link, a:visited, a:focus, a:hover, a:active {
        color: #000;
    }

    #content h1,
    #content h2,
    #content h3,
    #content h4,
    #content h5,
    #content h6 {
        font-family: Arial, Helvetica, FreeSans, sans-serif;
        page-break-after: avoid;
    }

    pre {
        font-family: Monaco, "Courier New", monospace;
    }

    #header,
    .aui-header-inner,
    #navigation,
    #sidebar,
    .sidebar,
    #personal-info-sidebar,
    .ia-fixed-sidebar,
    .page-actions,
    .navmenu,
    .ajs-menu-bar,
    .noprint,
    .inline-control-link,
    .inline-control-link a,
    a.show-labels-editor,
    .global-comment-actions,
    .comment-actions,
    .quick-comment-container,
    #addcomment {
        display: none !important;
    }

    .comment .date::before {
        content: none !important; /* remove middot for print view */
    }

    h1.pagetitle img {
        height: auto;
        width: auto;
    }

    .print-only {
        display: block;
    }

    #footer {
        position: relative !important; /* CONF-17506 Place the footer at en=
d of the content */
        margin: 0;
        padding: 0;
        background: none;
        clear: both;
    }

    #poweredby {
        border-top: none;
        background: none;
    }

    #poweredby li.print-only {
        display: list-item;
        font-style: italic;
    }

    #poweredby li.noprint {
        display: none;
    }

    /* no width controls in print */
    .wiki-content .table-wrap,
    .wiki-content p,
    .panel .codeContent,
    .panel .codeContent pre,
    .image-wrap {
        overflow: visible !important;
    }

    /* TODO - should this work? */
    #children-section,
    #comments-section .comment,
    #comments-section .comment .comment-body,
    #comments-section .comment .comment-content,
    #comments-section .comment p {
        page-break-inside: avoid;
    }

    #page-children a {
        text-decoration: none;
    }

    /**
     hide twixies

     the specificity here is a hack because print styles
     are getting loaded before the base styles. */
    #comments-section.pageSection .section-header,
    #comments-section.pageSection .section-title,
    #children-section.pageSection .section-header,
    #children-section.pageSection .section-title,
    .children-show-hide {
        padding-left: 0;
        margin-left: 0;
    }

    .children-show-hide.icon {
        display: none;
    }

    /* personal sidebar */
    .has-personal-sidebar #content {
        margin-right: 0px;
    }

    .has-personal-sidebar #content .pageSection {
        margin-right: 0px;
    }
}
-->
    </style>
</head>
<body>
    <h1>REST API Authentication</h1>
    <div class=3D"Section1">
        <div class=3D"contentLayout2">=20
<div class=3D"columnLayout two-right-sidebar" data-layout=3D"two-right-side=
bar">=20
<div class=3D"cell normal" data-type=3D"normal">=20
<div class=3D"innerCell">=20
<p>The REST API supports two authentication methods: session, and basic.&nb=
sp;</p>
<ul>
<li><strong>Session-based authentication</strong> is meant to be used for A=
JAX operations. It will let you re-use the visitor's session to execute ope=
rations with their permissions.</li>
<li><strong>Basic authentication</strong> is often used when writing cross-=
server procedures, when one remote application executes operations on one/s=
everal eZ Platform instances (remote publishing, maintenance, etc).</li>
</ul>
<p>Session-based is the default authentication method, as this is needed fo=
r UI.</p>
<h2 id=3D"RESTAPIAuthentication-Sessionbasedauthentication">Session based a=
uthentication</h2>
<p>This authentication method requires a Session cookie to be sent with eac=
h request.</p>
<p>If this authentication method is used with a web browser, this session c=
ookie is automatically available as soon as your visitor logs in. Add it as=
 a cookie to your REST requests, and the user will be authenticated.</p>
<h3 id=3D"RESTAPIAuthentication-Loggingin">Logging in</h3>
<p>It is also possible to create a session for the visitor if they aren't l=
ogged in yet. This is done by sending a&nbsp;<span style=3D"color: rgb(0,0,=
255);"><strong><code>POST</code></strong></span>&nbsp;request&nbsp;to&nbsp;=
<span style=3D"color: rgb(255,102,0);"><code>/user/sessions</code></span>. =
Logging out is done using a&nbsp;<strong><span style=3D"color: rgb(0,0,255)=
;"><code>DELETE</code></span></strong>&nbsp;request on the same resource.</=
p>
<div class=3D"confluence-information-macro confluence-information-macro-inf=
ormation">
<p class=3D"title">More information</p>
<span class=3D"aui-icon aui-icon-small aui-iconfont-info confluence-informa=
tion-macro-icon"></span>
<div class=3D"confluence-information-macro-body">
<p><a href=3D"https://github.com/ezsystems/ezp-next/blob/master/doc/specifi=
cations/rest/REST-API-V2.rst#123%C2%A0%C2%A0%C2%A0session-based-authenticat=
ion" class=3D"external-link" rel=3D"nofollow">Session-based authentication =
chapter of the REST specifications</a></p>
</div>
</div>
<h2 id=3D"RESTAPIAuthentication-HTTPBasicauthentication">HTTP Basic authent=
ication</h2>
<p>To enable HTTP Basic authentication, you need to edit app<code>/config/<=
span>security</span>.yml</code>, and add/uncomment the following block. Not=
e that this is enabled by default.</p>
<div class=3D"code panel pdl" style=3D"border-width: 1px;">
<div class=3D"codeHeader panelHeader pdl" style=3D"border-bottom-width: 1px=
;">
<b>ezplatform.yml</b>
</div>
<div class=3D"codeContent panelContent pdl">=20
<pre class=3D"brush: php; gutter: false; theme: Eclipse" style=3D"font-size=
:12px;">        ezpublish_rest:
            pattern: ^/api/ezp/v2
            stateless: true
            ezpublish_http_basic:
                realm: eZ Publish REST API</pre>=20
</div>
</div>
<p>Basic authentication requires the username and password to be sent&nbsp;=
<em>(username:password)</em>, based 64 encoded, with each request, as expla=
ined in&nbsp;<a href=3D"http://tools.ietf.org/html/rfc2617" class=3D"extern=
al-link" rel=3D"nofollow">RFC 2617</a>.</p>
<p>Most HTTP client libraries as well as REST libraries do support this met=
hod one way or another.</p>
<div class=3D"code panel pdl" style=3D"border-width: 1px;">
<div class=3D"codeHeader panelHeader pdl" style=3D"border-bottom-width: 1px=
;">
<b>Raw HTTP request with basic authentication</b>
</div>
<div class=3D"codeContent panelContent pdl">=20
<pre class=3D"brush: plain; gutter: false; theme: Eclipse" style=3D"font-si=
ze:12px;">GET / HTTP/1.1
Host: api.example.com
Accept: application/vnd.ez.api.Root+json
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=3D=3D</pre>=20
</div>
</div>
</div>=20
</div>=20
<div class=3D"cell aside" data-type=3D"aside">=20
<div class=3D"innerCell">=20
<h4 id=3D"RESTAPIAuthentication-Inthistopic:">In this topic:</h4>
<p><style type=3D"text/css">/*<![CDATA[*/
div.rbtoc1485855089012 {padding: 0px;}
div.rbtoc1485855089012 ul {list-style: disc;margin-left: 0px;}
div.rbtoc1485855089012 li {margin-left: 0px;padding-left: 0px;}

/*]]>*/</style></p>
<div class=3D"toc-macro rbtoc1485855089012">=20
<ul class=3D"toc-indentation">=20
<li><a href=3D"#RESTAPIAuthentication-Sessionbasedauthentication">Session b=
ased authentication</a>=20
<ul class=3D"toc-indentation">=20
<li><a href=3D"#RESTAPIAuthentication-Loggingin">Logging in</a></li>=20
</ul> </li>=20
<li><a href=3D"#RESTAPIAuthentication-HTTPBasicauthentication">HTTP Basic a=
uthentication</a></li>=20
</ul>=20
</div>
<p></p>
</div>=20
</div>=20
</div>=20
</div>
    </div>
</body>
</html>
------=_Part_3739_979446878.1485855089024--