The REST service described under REST Service Mediation has to be secured by allowing access only to properly authenticated users. Unauthenticated requests to access the API should be declined with an HTTP 401 response carrying an appropriate error message.

HTTP basic authentication is used as the access control mechanism: the user sends a Basic Authorization header containing a Base64-encoded, colon-separated username-password pair as part of the API request. UltraESB reads credentials from a CSV-formatted user credentials file, decodes the password received in the Authorization header, and validates it against the entry for the given username. If the header cannot be parsed, or it does not correspond to a valid username-password pair, UltraESB blocks the request and returns an HTTP 401 response along with an appropriate error message. Otherwise the request is allowed to proceed exactly as in the original REST service mediation flow.
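The decision described above, written out as an added example (not UltraESB code): parse the Basic header, decode the Base64 pair, look the username up in the CSV credentials and either allow the request or answer 401. The header row and "username,password" column order of the CSV file are assumptions, as the page only says the file is CSV-formatted; the sample credentials are constructed.

```python
import base64
import binascii
import csv
import hmac
import io

# Constructed sample of the credentials file. The header row and the
# "username,password" column order are assumptions made for this example.
CREDENTIALS_CSV = """username,password
alice,s3cret
bob,pa:ss:word
"""


def load_credentials(csv_text):
    """Map each username to its password from the CSV text."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["username"]: row["password"] for row in reader}


def parse_basic_header(header):
    """Return (username, password) from a Basic Authorization header, or None
    if the header is absent, uses another scheme, is not valid Base64, or
    lacks the colon separator."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: passwords may themselves contain colons.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def authenticate(header, credentials):
    """Decide as the mediation flow does: (200, msg) to proceed, (401, msg) to block."""
    parsed = parse_basic_header(header)
    if parsed is None:
        return 401, "Missing or malformed Basic Authorization header"
    username, password = parsed
    expected = credentials.get(username, "")
    # compare_digest keeps the comparison time independent of where the mismatch is.
    if not expected or not hmac.compare_digest(expected.encode(), password.encode()):
        return 401, "Invalid username or password"
    return 200, "Authenticated as " + username
```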