Each HTTP request must be authenticated using Basic Authorization. This method requires the client to provide a Base64-encoded username and password in the request header.
The authorization header follows this structure:
Authorization: Basic Base64Encoded(username:password)
Where Base64Encoded(username:password) is the Base64-encoded representation of username:password.
A user has the following credentials:
- Username: John
- Password: secret
The Base64-encoded string for John:secret is:
Sm9objpzZWNyZXQ=
This results in the following HTTP Authorization header:
Authorization: Basic Sm9objpzZWNyZXQ=
Retarus allows multiple Login IDs to be configured for Webservice access, which can be managed via the Retarus EAS Portal. These Login IDs enable multiple processes to operate concurrently, with each process maintaining its own configuration.
Each Login ID operates independently, meaning job and report data for one Login ID cannot be accessed using another. For example, a fax job's status report can only be retrieved or deleted under the same Login ID that was used to create it.
To enhance security, access can be restricted by configuring IP address whitelisting for each Login ID. This ensures that requests are only accepted from a predefined list of IP addresses and/or subnets.
- If IP whitelisting is enabled, any request from an unlisted IP address will be rejected.
- Configuration of IP restrictions is performed in the EAS portal.
By implementing Basic Authorization and optional IP whitelisting, Retarus ensures secure and controlled access to its Webservice.