Usage

  • The Connector supports Basic authentication between the user client and the Mashery gateway according to RFC 7617 (https://tools.ietf.org/html/rfc7617).
  • The username, specified as client_id (package key), and the password, specified as secret, must be configured when defining the package key for an application. Refer to the "How To Configure Basic Credentials in Mashery Control Center" subsection under the "Configuring Endpoint Call Processing" section.

CAUTION

"The Basic authentication scheme is not a secure method of user authentication, nor does it in any way protect the entity. The most serious flaw of Basic authentication is that it results in the cleartext transmission of the user's password over the physical network. Many other authentication schemes address this problem. Because Basic authentication involves the cleartext transmission of passwords, it SHOULD NOT be used (without enhancements such as HTTPS [RFC2818]) to protect sensitive or valuable information."

The above excerpt is from the Basic Auth RFC: https://tools.ietf.org/html/rfc7617#section-4

Industry security best practices and TIBCO recommend using stronger authentication schemes, such as an OAuth2.0 access token (natively supported by TIBCO Cloud Mashery), a third-party-based JWT token Authentication Connector, or a third-party-based OAuth2.0 access token validation Connector.

FAQs

What other authentication options are available out of the box besides HTTP Basic Auth in TIBCO Cloud Mashery?

The other authentication options supported in the TIBCO Cloud Mashery product are API Key Authentication and Mashery OAuth2.0 access tokens. In addition, the following API security features are powered by TIBCO Cloud Mashery Connectors:

Is the Connector compliant with the RFC if the Authorization header is not present in the request, or if credentials are not present in this header with the Basic scheme?

Yes.

What status code does the Connector respond with if the Authorization header is not present in the request, or if credentials are not present in this header with the Basic scheme?

In the above scenario, the Connector responds to the user client with a 401 Unauthorized response along with a WWW-Authenticate header.

Does the Connector support backward compatibility with TIBCO Cloud Mashery platform error response codes as a proxy server (refer to https://support.mashery.com/docs/read/mashery_api/20_reporting/Authentication)?

Yes. The Connector supports the configurable parameter Keep_Mashery_Default_Response_Code for this purpose. If the parameter is configured as true, the Connector responds with a 403 response, compliant with TIBCO Mashery platform error response codes.
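
The response behaviour described in the FAQs above can be modelled as follows. This is an added example, not TIBCO's Connector code: the function names, the realm, the sample credential store, and the handling of wrong credentials (treated like missing ones, per RFC 7617) are assumptions.

```python
import base64
import binascii
import hmac

# Constructed sample store: client_id (package key) -> secret. Values are made up.
PACKAGE_KEYS = {"samplePackageKey123": "s3cr3t:with:colons"}
REALM = "example-api"  # assumed realm; the page does not name one


def parse_basic(header):
    """Return (user_id, password) from an Authorization value, or None."""
    if not header:
        return None
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():  # scheme is case-insensitive
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user_id, sep, password = decoded.partition(":")  # split on the FIRST colon only
    if not sep or not user_id:
        return None
    return user_id, password


def authenticate(headers, keep_mashery_default_response_code=False):
    """Return (status, response_headers) for a request's header dict."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is not None:
        expected = PACKAGE_KEYS.get(creds[0])
        # Constant-time comparison; an unknown client_id compares against a dummy.
        ok = hmac.compare_digest((expected or "\0").encode(), creds[1].encode())
        if ok and expected is not None:
            return 200, {}
    if keep_mashery_default_response_code:
        # Legacy Mashery platform code; the page does not say whether a
        # WWW-Authenticate header accompanies it, so none is sent here.
        return 403, {}
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}", charset="UTF-8"'}
```

Because the password may itself contain colons, only the first colon separates client_id from secret. The credentials are merely base64-encoded, so the exchange is only as confidential as the HTTPS channel carrying it.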