Overview

In Apstrata, all requests must be authenticated. There are four methods for authenticating Apstrata requests:

  1. Default signature: This is the most secure method of authentication because it requires hashing all content of a request along with the secret of the account or the password of the user or the device and then sending the hash. (read more) 
  2. Simple signature: This is the easiest method of authentication. It requires hashing a few select parameters along with the secret of the account or the password of the user or the device and then sending the hash. It is recommended for testing and for applications that do not have access to all parameters, e.g., files, in a request. (read more) 
  3. Token-based authentication: This is the recommended method of authentication for applications that make most requests with Apstrata users and devices, as opposed to owners, for use with SSL encrypted connections over HTTP POST. It provides a similar experience to sessions since a Token is generated and renewed over a period of time, without the need to generate a signature for every request. (read more)
  4.  Bearer token authentication: This authentication allows the users and devices to issue a request using a bearer token in the header. In order to issue a request with a token bearer header, you first need to generate a token for a user or a device. Users and devices make authenticated requests with a bearer token using the Authorization request header field. (read more)

The authentication roadmap for the Apstrata database includes optional replay prevention.

Description

Apstrata services only accept authenticated requests. Authenticating an Apstrata service request means either sending it with the apsws.authSig parameter or with a valid value for the apsdb.token parameter.

Never reveal your authentication secret to a third party, an Apstrata database affiliate will never ask for your secret. In case you feel that your authentication secret has been compromised, you can generate a new one.

Two types of signatures exist, one which is more secure and complex to construct, and another version which is simpler to construct but less secure.