Authentication

Nearly all service calls require some kind of authentication. Without it, you will receive an HTTP 401 error code. You have two options here.

HTTP Basic Authentication

Use your standard username and password specified according to the HTTP Basic Authentication protocol.

To produce the value for the Authorization header, use this formula:
"Basic " + Base64(username + ":" + password)

For example, assume your username is roland and your password is 12345. The formula is:
"Basic " + Base64("roland" + ":" + "12345")

Encoding "roland:12345" with a base 64 encoder and updating the formula, you get:
"Basic " + "cm9sYW5kOjEyMzQ1"

Therefore, your Authorization header value is "Basic cm9sYW5kOjEyMzQ1".

You may use this on all requests, but that means you must keep the username and password in memory so you can include it on each of those requests.

McLeod Token Authentication

Use the standard Authorization HTTP requested header with a bearer token registered inside LoadMaster or PowerBroker.

For example, if your token is 00000000-0000-0000-0000-0000000000000, you'd set an HTTP request header called Authorization to Bearer 00000000-0000-0000-0000-0000000000000 or to Token 00000000-0000-0000-0000-0000000000000.

There are two ways to get a token.

1. Create a token in the Sys Admin Smartphone Mobile Service in LoadMaster or PowerBroker.
2. Call the POST /users/login method using HTTP Basic Authentication. This method returns a new token in the body of the response.

By using tokens, you do not have to retain a username and password in memory for very long if at all. Instead, retain the token in memory and include it on all of your requests. If your token becomes compromised, you can always delete it and generate a new one.