You are here: Installation > Web.config > Configuration/appSettings > WebAPIAuthScheme

WebAPIAuthScheme

This value indicates which Authentication Scheme to use for the Web API.

  1. "RWX_BASIC" (the default): requires SSL since it sends the calling user’s username/password unencrypted/unhashed in the Authentication Header. It is much simpler to implement than the RWX_SECURE scheme.
  2. "RWX_SECURE": should use SSL since requests and responses could still be intercepted by malicious users. It is much more complex to implement over the RWX_BASIC scheme, however, benefits of the RWX_SECURE scheme include:
    • Tamper Proof Requests
    • Replay Attack Prevention

Usage

This setting will need to be changed if you elect to modify the Web API authentication scheme.

Example

To change from RWX_BASIC to RWX_SECURE, you would change the highlighted value below: 

<add key="WebAPIAuthScheme" value="RWX_BASIC" />