Authorization can be framed as a question: are we eligible to access a secured resource on the server? If the answer is yes, then in technical terms we can say that we are Authorized to access the resource. If the answer is no, we can say that we are not Authorized to access the resource. For example, let us say you have added your and your sister's fingerprints to your phone. You and your sister can both open the phone, which means only you and your sister are authorized to open the phone and see the data. Similarly, a company or a project may have many APIs, but not everyone will necessarily have access to all of them. Only authorized people can access the secured APIs.

Authorization Vs Authentication

Authorization and Authentication are two closely related terms, and they can be confusing at first. In this section, we will clear up the confusion about these two terms.

Authentication is the process of presenting your credentials to the system and the system validating those credentials. These credentials tell the system who you are, which enables the system to ensure and confirm a user's identity. Here the system can be anything: a computer, a phone, a bank or any physical office premises. Authorization, by contrast, is the process of allowing or denying someone access to something once Authentication is done. So in layman's terms, Authentication tells who you are while Authorization tells what you can do.

When a person accesses the server with a key/password, the server checks whether the person is present in the directory and is associated with that same key/password. If so, you are good to go (Authentication). If you have access to the resource, then you will be granted access to it (Authorized). We will see the following short example to show how a server rejects an unauthorized person.

In Postman, we sometimes need to verify the eligibility of a user accessing a particular resource on the server. This is done by the system authenticating the user's credentials. Authentication thus helps to identify a user and is applied to secured APIs.

In Postman, this is carried out under the Authorization tab. The TYPE dropdown in the Authorization tab lists all the Authorization types.

To carry out an encoded authentication, choose the option No Auth from the TYPE dropdown in the Authorization tab and, in the Headers tab, add a new key-value pair. The key should be Authorization and the value is the user credentials having the syntax as - basic. The username for this endpoint is postman and the password is password.

Next, to add the credentials in the encoded format we shall take the help of a third party application having the link −. Enter the username (postman) and password (password) in the edit box in the format − postman − password. We will obtain the encoded text cG9zdG1hbjpwYXNzd29yZA= at the bottom of the page. This has to be added as the value of the Authorization key in Postman in the format − basic cG9zdG1hbjpwYXNzd29yZA=.

The Response code is 200 OK, which points to a successful request.
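The header value built for Postman and the two server-side checks described above (authentication, then authorization), as an added Node.js example that is not part of the original page. Building the value locally keeps the credentials out of a third-party encoder; `DIRECTORY`, `ACL`, the `guest` user and the `/basic-auth` resource name are constructed for illustration.

```javascript
// Constructed sample data: a user directory and a per-resource access list.
const DIRECTORY = new Map([['postman', 'password'], ['guest', 'guest123']]);
const ACL = new Map([['/basic-auth', new Set(['postman'])]]);

// Client side: the value Postman needs for the Authorization key.
function basicAuthHeader(username, password) {
  const encoded = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
  return `Basic ${encoded}`;
}

// Compare two strings without returning at the first differing byte.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ (y[i] ?? 0);
  return diff === 0;
}

// Server side: decode the header, authenticate, then authorize.
function checkRequest(headers, resource) {
  // The scheme name is case-insensitive, so "basic" and "Basic" both match.
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(headers.Authorization || '');
  if (!m) return { status: 401, reason: 'missing or malformed Authorization header' };
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // split on the first ':' only
  if (sep < 0) return { status: 401, reason: 'malformed credentials' };
  const user = decoded.slice(0, sep);
  const pass = decoded.slice(sep + 1);

  // Authentication: is the user in the directory with this password?
  const known = DIRECTORY.has(user);
  const match = safeEqual(pass, known ? DIRECTORY.get(user) : '');
  if (!known || !match) return { status: 401, reason: 'authentication failed' };

  // Authorization: may this authenticated user access this resource?
  const allowed = ACL.get(resource);
  if (!allowed || !allowed.has(user)) return { status: 403, reason: 'not authorized' };
  return { status: 200, reason: 'OK' };
}
```

With full padding the encoded credentials end in `==` (`cG9zdG1hbjpwYXNzd29yZA==`); Node's Base64 decoder also accepts the form with a single trailing `=`. Base64 is an encoding, not encryption, so the header is only as private as the connection that carries it.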