Authentication
We use the same approach as existing SOAP implementation, in which we require the consumer (RSP) to pass in the rspSign (optional for certain methods), UID, and PWD for authentication.
However, in REST implementation, we leverage on Authorization header, which is used by Amazon with HMAC implementation. But instead of using HMAC implementation, we require the API consumer to pass in the Authorization header in this format:
Authorization:
GLOREMIT <UID>:<PWD>:<rspSign>
Authorization is the header key and the value after that is the header’s value. Example:
Authorization:
GLOREMIT rsp_api:p@assword123:7caa844e9b40d140b125cf51ac088868
For operations which do not require rspSign, we still need to pass in the second semi-colon (:)
and it will be in following format:
Authorization:
GLOREMIT <UID>:<PWD>:
Example:
Authorization:
GLOREMIT rsp_api:p@assword123: