When exposing a REST API, a team can configure the service to require authentication. There are three authentication modes available:
None: Anyone can invoke the API without needing to authenticate;
Basic: To invoke the REST API, the caller must send a username and password in the HTTP headers of the request;
Custom: An organization can implement its own authentication mechanism.
To require username/password authentication for a REST API, a team can add basic authentication. This is done in the visual editor by setting the 'Authentication' parameter for the service.
Once a service has basic authentication, every client that uses the API must send the credentials in the HTTP headers of the request. If no credentials are present, OutSystems automatically sends a JSON response with an error message, which looks like:
{ "Errors": [ "Basic Authentication required." ], "StatusCode":401}
When clients send their credentials, OutSystems makes them available as parameters. This automates much of the boilerplate code that developers need to implement authentication functionality.
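The client side of the Basic mode described above, as an added example that is not OutSystems code. It assumes the service accepts the standard HTTP Basic `Authorization` header (RFC 7617); the function names and the URL are hypothetical, and the sample values are constructed.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization header value for HTTP Basic (RFC 7617)."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_header(value: str) -> tuple[str, str]:
    """Recover (username, password) from a header value, as a server would."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    raw = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = raw.partition(":")  # password may itself contain ':'
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


def build_request(url: str, username: str, password: str) -> urllib.request.Request:
    """Prepare an authenticated GET; Base64 is not encryption, so require TLS."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send Basic credentials over a non-HTTPS URL")
    headers = {"Authorization": basic_auth_header(username, password),
               "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers)


def parse_auth_error(status: int, body: str) -> list[str]:
    """Return the messages from the 401 error body shown above, else []."""
    if status != 401:
        return []
    try:
        return list(json.loads(body).get("Errors", []))
    except (ValueError, AttributeError):
        return ["401 with unparseable body"]


# Constructed sample values; the URL is a placeholder, not a real endpoint.
SAMPLE_URL = "https://example.invalid/MyApp/rest/Orders/List"
SAMPLE_401 = '{ "Errors": [ "Basic Authentication required." ], "StatusCode":401}'
```

Because the header value is only Base64-encoded, anyone who can read the request can recover the password, which is why `build_request` rejects plain `http` URLs.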