The auth action implements HTTP Basic authentication between the client and FLAT.
It is useful to protect APIs under development.
An auth action contains a list of user elements which have the following attributes:
pass="..."to define a password (required, must not be empty)name="..."to define a username (optional, defaults to the empty string)
If the client has not sent authentication credentials, a 401 Authentication Required
status is returned and the flow is halted. In a subsequent request with credentials matching a configured
user, the action does not halt the flow.
📎 Basic authentication does not provide strong protection, as no encryption is used. You should only use it on HTTPS connections.
<auth>
<user pass="top secret" />
<user name="fred" pass="wilma" />
<!-- repeated user is ignored -->
<user name="fred" pass="betty" />
</auth>📎 Only the first match is evaluated if user names are repeated.
The following cases are considered fatal and will terminate the request:
- the action has no
userelement - a
userhas nopassattribute