Today we want to present a very simple way to secure your API using an authentication mechanism known as basic authentication, described in this RFC.
The implementation is very simple: a servlet filter intercepts each call, reads the authentication header, decodes it and compares it with the value set in the properties file.
As always, we created a complete implementation of this mechanism in a demo Spring Boot application that can be checked here.
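A sketch of the filter described above, as an added example and not the code of the demo application. It assumes Spring Boot 3 (`jakarta.servlet`; older versions use `javax.servlet`); the package name and the property name `api.auth.credentials` are hypothetical.

```java
package com.example.demo; // hypothetical package name

import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

@Component
public class BasicAuthFilter implements Filter {

    private final byte[] expected; // "user:password" as set in application.properties

    // api.auth.credentials is an assumed property name, not one from the demo project
    public BasicAuthFilter(@Value("${api.auth.credentials}") String credentials) {
        this.expected = credentials.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (isAuthorized(request.getHeader("Authorization"))) {
            chain.doFilter(req, res);
            return;
        }
        // Challenge the client; never echo the received credentials back.
        response.setHeader("WWW-Authenticate", "Basic realm=\"api\", charset=\"UTF-8\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    boolean isAuthorized(String header) {
        // The scheme name is case-insensitive; require "Basic <base64>".
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return false;
        }
        byte[] supplied;
        try {
            supplied = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException malformedBase64) {
            return false; // reject malformed input instead of failing with a 500
        }
        // Constant-time comparison: timing does not reveal how many leading bytes matched.
        return MessageDigest.isEqual(supplied, expected);
    }
}
```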
You know that we love Swagger UI as a mechanism to test our APIs. The example we provide comes with the input label for the authentication header:
Possible improvements to this mechanism:
- store the authentication key in AWS KMS
- add HTTPS support to your endpoint, as described here.
Don’t forget to share your thoughts with us by adding a comment on this post!
Happy cloud computing!