API Authentication

QAD 2017 Enterprise Edition > User Guides > Security Administration > Authentication > API Authentication

API Authentication

QAD supports the following specifications for API authentication.

• HTTP Basic is the simplest way of enforcing access control to web resources by using the HTTP authentication header. Username and password information is sent as base-64 encoded text.

HTTP Basic is not recommended due to performance and security issues. Systems using HTTP Basic see significant performance degradation because credentials have to be reauthenticated with every request. Also, it presents security risks because authentication is done over unencrypted channels.

• OAuth2 provides a more secure way for REST API clients to authenticate users without sending user credentials with each request. The OAuth2 Specification requires a client to receive an access token and then pass the token to the resource sever as part of the request.