Skip to main content

Authentication Guide

Introduction

This guide provides detailed information on how to authenticate with the File Upload and Management API. Proper authentication is crucial to ensure that only authorized users can access and manage their files securely.

Authentication Method

The API uses HTTP headers for authentication. You must include the following headers in each request to authenticate yourself:

  • x-auth-name: Your customer name.
  • x-auth-password: Your customer password.

These credentials are provided to you by the API administrator and should be kept confidential.

Adding Authentication Headers

To authenticate with the API, include the x-auth-name and x-auth-password headers in your HTTP requests. Below are examples of how to include these headers in your requests using curl.

Example Requests

Health Check

curl -X GET http://yourserver.com/ping

Uploading a File

curl -X POST http://yourserver.com/upload \
  -H "x-auth-name: yourname" \
  -H "x-auth-password: yourpassword" \
  -F "file=@/path/to/yourfile.txt"

Downloading a File

curl -X GET http://yourserver.com/serve/yourfile.txt \
  -H "x-auth-name: yourname" \
  -H "x-auth-password: yourpassword" \
  -O

Listing Uploaded Files

curl -X GET http://yourserver.com/list \
  -H "x-auth-name: yourname" \
  -H "x-auth-password: yourpassword"

Handling Authentication Errors

If authentication fails, the API will return a 400 Bad Request status code with an appropriate error message. Common reasons for authentication failure include:

  • Missing Headers: Ensure that both x-auth-name and x-auth-password headers are included in your request.
  • Invalid Credentials: Double-check that your customer name and password are correct.
  • No Customer Found: Your credentials do not match any customer in the configuration file.

Example Error Response

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "No auth headers"
}

Securing Your Credentials

  • Keep your credentials confidential: Do not share your customer name and password with anyone.
  • Use HTTPS: Ensure you are making requests over HTTPS to encrypt your credentials in transit.