Basic authentication

Basic authentication can only be considered because the traffic is encrypted using SSL. It is a username + colon + password that is encoded in Base64 and passed in the authorization header of the request. The gateway at runtime builds and adds the proper basic authentication header value to the request before it passes it on to the target API server. The target server verifies that the header is present and decodes the username and password from the header and verifies the values against a database. The target server could use the username to decide what data and actions to which a user has permissions.

Different endpoints can be configured to use different username/password combinations.