We use the same approach as the existing SOAP implementation, in which we require the consumer (RSP) to pass in the rspSign (optional for certain methods), UID, and PWD for authentication.
In the REST implementation, however, we use the Authorization header, which Amazon uses with its HMAC implementation. Instead of an HMAC implementation, we require the API consumer to pass the Authorization header in this format:
Authorization is the header key and the value after that is the header’s value. Example:
For operations that do not require rspSign, the second colon (:) must still be passed, and the header will be in the following format:
Example: Authorization: GLOREMIT rsp_api:p@assword123:
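A server-side parser for this header value, as an added example that is not part of the original page or the API's own code. It assumes the field order UID:PWD:rspSign (inferred from the example above), and that UID ends at the first colon and rspSign starts after the last one; the function names are hypothetical.

```python
import hmac
from typing import NamedTuple, Optional

SCHEME = "GLOREMIT"  # scheme token taken from the page's example header


class Credentials(NamedTuple):
    uid: str
    pwd: str
    rsp_sign: Optional[str]  # None when the operation sends no rspSign


def parse_authorization(value: str) -> Credentials:
    """Parse the header value (the text after 'Authorization:')."""
    scheme, sep, rest = value.strip().partition(" ")
    if not sep or scheme != SCHEME:
        raise ValueError("unsupported authorization scheme")
    # Assumed layout: UID:PWD:rspSign. Splitting on the first and the last
    # colon keeps a colon inside PWD from shifting the fields.
    uid, first_colon, tail = rest.strip().partition(":")
    pwd, second_colon, rsp_sign = tail.rpartition(":")
    if not first_colon or not second_colon:
        raise ValueError("two colons are required, even when rspSign is empty")
    if not uid or not pwd:
        raise ValueError("UID and PWD must not be empty")
    return Credentials(uid, pwd, rsp_sign or None)


def is_well_formed(value: str) -> bool:
    """True when the value parses; lets callers reject early with a 401."""
    try:
        parse_authorization(value)
        return True
    except ValueError:
        return False


def password_matches(creds: Credentials, expected_pwd: str) -> bool:
    """Compare in constant time so response timing does not leak the PWD."""
    return hmac.compare_digest(creds.pwd.encode(), expected_pwd.encode())
```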