Skip to content

Authentication schemes

Custom auth enables you to set authentication parameters, instead of typing an Authorization header manually. Four types of authentication are supported: Basic, Bearer, Windows and Client certificate.

Collection-scoped authentication

The authentication scheme can be collection-scoped, in a way that many requests can inherit it - good for centralisation.


For a collection-scoped authentication to be used, the authentication type in the request must be Inherited from collection.

Basic authentication

If Basic authentication is used, with a login "usr" and a password "pwd", the following Authorization header will be added when sending the request, according to Basic authentication logic:

Authorization: Basic dXNyOnB3ZA==

Bearer authentication

If Bearer authentication is used, with a bearer token "my_token", then the following Authorization header will be added when sending the request:

Authorization: Bearer my_token

Windows authentication (NTLM / Kerberos)

Windows authentication is used in some Windows domains and networks. Understand more in: link1 and link2.

Client certificate authentication

Client certificate authentication differs from the methods above because it operates on TLS layer, before the HTTP request is transmitted.

The two accepted client certificate types are PKCS#12 and PEM. This page details some of the certificate types that exist.