If I want to access a Zato Service with two different HTTP Basic Auth, do I need two REST Channel URL paths?
Keeping separate channels has its advantages too, e.g. one can specify different caching configuration for each channel or perhaps grant access to different URLs from separate IP addresses in the load-balancer’s configuration.
But if this is not required then it is easiest to employ Role-Based Access Control.
This is a truly powerful mechanism that lets you build security configuration around hierarchies of permissions, with inheritance.
In the simplest case you can simply have a role such as Document Reader, which has GET access to the REST channel where, say, a myapi.get-document service exists.
The great part of it is that you can have multiple different security definitions mapped to roles and client roles, so even if you start with HTTP Basic Auth you can easily add, for instance, API keys at a later time.
I encourage you to play around with RBAC - it can be used to construct and support many interesting access security models.
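
A simplified in-memory model of the RBAC idea described in the answer above, added here as an illustration; it is not Zato code and does not use Zato's API. The `RBAC` class, the security definition names and the rule that a child role inherits its ancestors' permissions are assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class RBAC:
    """Hypothetical model: roles form a tree, security definitions map to roles."""
    parents: dict = field(default_factory=dict)       # role -> parent role or None
    client_roles: dict = field(default_factory=dict)  # security definition -> roles
    role_perms: set = field(default_factory=set)      # (role, service, HTTP method)

    def add_role(self, role, parent=None):
        if parent is not None and parent not in self.parents:
            raise ValueError(f"unknown parent role: {parent}")
        self.parents[role] = parent

    def grant(self, role, service, method):
        if role not in self.parents:
            raise ValueError(f"unknown role: {role}")
        self.role_perms.add((role, service, method.upper()))

    def assign(self, sec_def, role):
        if role not in self.parents:
            raise ValueError(f"unknown role: {role}")
        self.client_roles.setdefault(sec_def, set()).add(role)

    def _lineage(self, role):
        # Walk from the role up to the root; assumed inheritance direction.
        while role is not None:
            yield role
            role = self.parents[role]

    def is_allowed(self, sec_def, service, method):
        # Deny by default: unknown definitions have no roles at all.
        for role in self.client_roles.get(sec_def, ()):
            for r in self._lineage(role):
                if (r, service, method.upper()) in self.role_perms:
                    return True
        return False


def build_example():
    rbac = RBAC()
    rbac.add_role("Document Reader")
    rbac.add_role("Document Editor", parent="Document Reader")
    rbac.grant("Document Reader", "myapi.get-document", "GET")
    rbac.grant("Document Editor", "myapi.get-document", "POST")
    # Constructed names: two Basic Auth definitions, plus an API key added later.
    rbac.assign("basic-auth.app1", "Document Reader")
    rbac.assign("basic-auth.app2", "Document Editor")
    rbac.assign("apikey.app3", "Document Reader")
    return rbac
```

Both Basic Auth definitions and the API key reach the same service through one set of role permissions, and any definition without a role is denied.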