Basic Authentication Policy to authenticate the username and password which are stored in KVM and retrieved via query params.

vermagovind92
Participant III

Hi All,

My use case is:

I created an encrypted KV-Map which has multiple k-v entries saved, which are usernames and passwords.

| Key | Value |
|---|---|
| Govind | Verma |
| Amit | Rao |
| Mehtab | Khan |
| Joe | Denly |
| Nalini | Priya |

Now I applied the Basic Authentication Policy to authenticate the username and password which are stored in the KVM and retrieved via query params.

(i.e. if the username and password passed in the query parameters match the KVM stored value, only then should it allow the request to proceed further; otherwise give some user-friendly message.)

eg-1. Sending my request as : uri?username=Govind&password=Verma --> Success

eg-2. Sending my request as : uri?username=Priyanka&password=Singh --> Fail

Any advice on how I could achieve these requirements?

Thanks and Regards

Govind Verma

2 ACCEPTED SOLUTIONS

sidd-harth
Participant V

Govind, I guess you have already asked a similar question here:

https://community.apigee.com/questions/69267/how-could-i-get-boolean-request-using-basic-authen.html...

As explained earlier the Basic Authentication policy cannot be used to compare/validate the plain text credentials.

  • You need to send the base64-encoded string of the username and password in the Basic Authentication header.
  • Then the policy will decode them back to username and password.
  • Now you can compare the decoded values with the values from KVM Get Operation.

View solution in original post
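The three steps from the answer above, as an added example that is not part of the original thread and is not Apigee policy code: plain Node.js stands in for the Basic Authentication policy's decode step and the KVM Get operation. The `kvm` map (built from the sample rows in the question), the function names and the messages are assumptions made for illustration.

```javascript
const { createHash, timingSafeEqual } = require('node:crypto');

// Constructed stand-in for the encrypted KVM (username -> password).
const kvm = new Map([['Govind', 'Verma'], ['Amit', 'Rao']]);

// Steps 1-2: decode "Authorization: Basic <base64>" into its two parts,
// or return null when the header is missing or malformed.
function decodeBasic(header) {
  const m = /^Basic +([A-Za-z0-9+\/]+={0,2})$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // only the first colon is the separator
  if (sep < 1) return null;         // no colon, or empty username
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Compare fixed-length digests so timing does not reveal where strings differ.
function safeEqual(a, b) {
  const h = (s) => createHash('sha256').update(s, 'utf8').digest();
  return timingSafeEqual(h(a), h(b));
}

// Step 3: compare the decoded password with the stored value.
function authenticate(header, store = kvm) {
  const creds = decodeBasic(header);
  if (!creds) return { status: 401, message: 'Missing or malformed Basic credentials' };
  const stored = store.get(creds.username);
  // Unknown user: still run one comparison and give the same answer as a
  // wrong password, so the response does not reveal which usernames exist.
  const ok = safeEqual(creds.password, stored ?? '') && stored !== undefined;
  return ok
    ? { status: 200, message: 'OK' }
    : { status: 401, message: 'Invalid username or password' };
}

// Helper that builds the header a client would send (constructed input).
const basic = (u, p) => 'Basic ' + Buffer.from(`${u}:${p}`).toString('base64');

console.log(authenticate(basic('Govind', 'Verma')));   // eg-1 from the question
console.log(authenticate(basic('Priyanka', 'Singh'))); // eg-2 from the question
```
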

Govind, sending credentials as a query parameter is insecure. You should rethink your API design and send it in a POST request body over HTTPS.

On the KVM issue, you may want to look at how you are retrieving the values from the KVM and the index you are using in the GET operation.

View solution in original post

5 REPLIES

vermagovind92
Participant III

Thanks for your response @Siddharth Barahalikar

Thanks for your response @Nagashree B