Saturday, July 20, 2013

Basic Authentication in ColdFusion CFHTTP / http Call

In our normal coding we must have faced some situation where we makes HTTP call to any third party server. Sometimes these third party server doesn't enforce any authentication and sometimes we have to go to different authentication process like Basic Authentication, NTLM authentication, Integrated Windows and Kerebos Authentication.

   We generally use CFHTTP tag to make HTTP call from ColdFusion and this tag only supports Basic authentication.

So, lets see how we can do basic authentication using ColdFusion CHTTP tag.

We can perform basic authentication two ways:

1. Pass User Name/Auth ID and Password/Auth Token  in the User Name and Password attributes present in CFHTTP tag. like below:

So, in the above example I am making a call to a SMS gateway by HTTP call to get sent/received SMS by server. Here I am passing user name and password. Sometimes some third party says we are giving you AUTH_ID and AUTH_TOKEN. These AUTH_ID and AUTH_TOKEN is similar to User Name and Password. So, don't be confused with that.

2. Another way, in first method we pass User Name and Password and ColdFusion internally converts it into following format.

Basic ToBase64("User Name/Auth ID: Password/Auth Token")

So, if we could pass this format directly into the server then also it will work like the below example:

Here we are converting that Auth_ID/User Name and Auth_Token/Password  into the format which ColdFusion internally does while making HTTP call and we are passing it in a header param "Authorization". So, this second method will give the same result.

Hope it will help you :)

1 comment:

  1. This was helpful thanks. Method 1 and 2 are not exactly identical in my experience, at least with the API. I couldn't get Method 1 to work with their authorization API, but your method 2 worked like a charm!