Credential Injection Basic Authentication Policy

Policy Name

Credential Injection Basic Authentication

Summary

Injects a basic authorization header into outgoing requests

Category

Security

First Flex Gateway version available

v1.9.0

Returned Status Codes

No return codes exist for this policy. Error codes are returned from the upstream service.

Summary

The Credential Injection Basic Authentication policy injects an Authorization header containing a username and password into outbound requests. The policy ensures that requests sent from Flex Gateway to an upstream service include the correct authentication headers. The Authorization header format is Authorization: Basic <username:password>.

The policy follows Basic HTTP authentication standards Leaving the Site .

When an error occurs, the policy returns a WWW-Authenticate HTTP header field.

Configuring Policy Parameters

Flex Gateway Local Mode

In Flex Gateway Local Mode, you apply the Basic Authentication: Simple policy to your API via declarative configuration files. Refer to the following policy definition and table of parameters:

- policyRef:
    name: http-basic-authentication-flex
  config:
    username: <string> // OPTIONAL
    password: <string> // OPTIONAL
    overwrite: <boolean> // OPTIONAL
    customHeader: <string> // OPTIONAL

Parameter Required or Optional Default Value Description

Parameter	Required or Optional	Default Value	Description
`username`	Optional	N/A	The username for the basic authentication credentials.
`password`	Optional	N/A	The password for the basic authentication credentials.
`overwrite`	Optional	true	When enabled, if the `Authorization` header is present, the policy overwrites it with the configured credentials.
`customHeader`	Optional	N/A	When configured, a custom header is injected instead of the `Authorization` header. If Overwrite header is enabled, the policy overwrites the custom header if present instead of the `Authorization` header.

username

Optional

N/A

The username for the basic authentication credentials.

password

Optional

N/A

The password for the basic authentication credentials.

overwrite

Optional

true

When enabled, if the Authorization header is present, the policy overwrites it with the configured credentials.

customHeader

Optional

N/A

When configured, a custom header is injected instead of the Authorization header. If Overwrite header is enabled, the policy overwrites the custom header if present instead of the Authorization header.

Resource Configuration Example

- policyRef:
    name: http-basic-authentication-flex
  config:
    username: chris
    password: admin

Flex Gateway Connected Mode

When you use the UI to apply the Credential Injection Basic Authentication policy to your upstream, you can configure the following parameters:

Parameter Description Required?

Parameter	Description	Required?
Username	The username for the basic authentication credentials.	Optional
Password	The password for the basic authentication credentials.	Optional
Overwrite header	When enabled, if the `Authorization` header is present, the policy overwrites it with the configured credentials.	Optional
Custom Header	When configured, a custom header is injected instead of the `Authorization` header. If Overwrite header is enabled, the policy overwrites the custom header if present instead of the `Authorization` header.	Optional

Username

The username for the basic authentication credentials.

Optional

Password

The password for the basic authentication credentials.

Optional

Overwrite header

When enabled, if the Authorization header is present, the policy overwrites it with the configured credentials.

Optional

Custom Header

Optional