This section describes the authentication mechanisms supported by the etherFAX REST API.

Authentication

The etherFAX REST web service supports the Basic HTTP authorization model using an account/password or an api-key provided by the etherFAX administration portal.

Each client must use the etherFAX account number, username, and password provided by etherFAX personnel. When authenticating against the REST web services, you must make sure all GET/POST operations have correctly added the Authorization header to HTTP request using Basic authentication.

The Authorization field is constructed as follows:

The account and username are combined with a forward slash (/), followed by a colon (:) and then the password. This means that the username itself cannot contain a colon. The character set to use for this encoding is by default unspecified, as long as it is compatible with US-ASCII or UTF-8.

Example:

    Account = efax-0000-0000
    User = appservice
    Password = ixlr8

The strings are combined and then base64 encoded:

Combined string:

    efax-0000-0000/appservice:ixlr8

String octets base64 encoded:

    ZWZheC0wMDAwLTAwMDAvYXBwc2VydmljZTppeGxyOA==

Add the following Authorization header to your HTTP request.

Authorization: Basic ZWZheC0wMDAwLTAwMDAvYXBpc2VydmljZTppeGxyOA==

Alternatively, an api-key may be used in lieu of the account/password method described above using the Bearer authentication scheme.

Authorization: Bearer your_api_key