Authentication

🔐 Authentication

REL-IDverify APIs require valid authentication to access any endpoint. The authentication is provided via the Authorization header in each API request. REL-IDverify supports two types of authentication schemes:


1. 🧾 Basic Authentication

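Basic authentication encodes a username and password as a Base64 string. Base64 is a reversible encoding, not encryption, so the credentials are only as protected as the transport that carries the request.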

📌 How to Use

  1. Format your credentials as username:password
  2. Base64 encode the string. For example:
    • reliduser:password123 becomes cmVsaWR1c2VyOnBhc3N3b3JkMTIz
  3. Add to the Authorization header:
    Authorization: Basic cmVsaWR1c2VyOnBhc3N3b3JkMTIz

❌ Failure Response

{
  "response_code": 1,
  "error_code": 2604,
  "error_message": "Authorization failed"
}

2. 🛡 OAuth2 Authentication

OAuth2 Bearer Tokens provide more secure and scalable authentication for production use.

📌 How to Use

  1. Obtain the token by authenticating via the REL-ID Auth Server (see /oauth/token)
  2. Add it to the request header:
    Authorization: Bearer <your-access-token>

❌ Failure Response

{
  "response_code": 1,
  "error_code": 2604,
  "error_message": "Authorization failed",
  "error": "invalid_token",
  "error_description": "Access token expired"
}

⚠ Response Headers (OAuth2 failure)

  • WWW-Authenticate: Contains the reason for failure, such as:
    WWW-Authenticate: Bearer error="invalid_token", error_description="Access token expired"

🚨 Error Codes Reference

| Error Code | Error Message                  | Scenario                               |
|------------|--------------------------------|----------------------------------------|
| 2601       | Authorization header not found | Empty/missing Authorization header     |
| 2604       | Authorization failed           | Invalid or expired credentials/token   |
| 2605       | Authorization failed           | Internal error during authentication   |
| 2606       | Authorization failed           | Invalid value in authorization header  |
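
Added example, not part of the REL-IDverify documentation or any REL-ID SDK: client-side handling in Python that builds the Basic header from the steps above and turns a failure response (JSON body plus WWW-Authenticate header) into a next action using the error codes in the table. The function names and action labels are assumptions made for this example, and the sample responses are constructed from the ones shown on this page.

```python
import base64
import json
import re

# Client actions per error code in the reference table (action names are assumptions).
ACTIONS = {
    2601: "fix_request",     # Authorization header missing or empty
    2604: "reauthenticate",  # invalid or expired credentials/token
    2605: "retry_later",     # internal error during authentication
    2606: "fix_request",     # invalid value in the Authorization header
}

def basic_auth_header(username: str, password: str) -> str:
    """Build the Basic scheme value from username:password."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def parse_bearer_challenge(header: str) -> dict:
    """Parse 'Bearer k="v", ...' into a dict; {} if the scheme is not Bearer."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return {}
    return dict(re.findall(r'(\w+)="([^"]*)"', params))

def classify_failure(body: str, www_authenticate: str = "") -> str:
    """Pick a client action from the JSON error body and WWW-Authenticate header."""
    try:
        payload = json.loads(body)
    except ValueError:
        return "unknown"
    code = payload.get("error_code") if isinstance(payload, dict) else None
    if not isinstance(code, int):
        return "unknown"
    challenge = parse_bearer_challenge(www_authenticate)
    error = payload.get("error") or challenge.get("error")
    # An expired bearer token is recoverable: fetch a new one instead of failing.
    if code == 2604 and error == "invalid_token":
        return "obtain_new_token"
    return ACTIONS.get(code, "unknown")

# Constructed samples that mirror the failure responses shown on this page.
EXPIRED_BODY = json.dumps({"response_code": 1, "error_code": 2604,
    "error_message": "Authorization failed", "error": "invalid_token",
    "error_description": "Access token expired"})
EXPIRED_HEADER = 'Bearer error="invalid_token", error_description="Access token expired"'
BASIC_FAIL_BODY = '{"response_code": 1, "error_code": 2604, "error_message": "Authorization failed"}'

if __name__ == "__main__":
    print(classify_failure(EXPIRED_BODY, EXPIRED_HEADER), classify_failure(BASIC_FAIL_BODY))
```

Codes 2604, 2605 and 2606 share the message "Authorization failed", so the client has to branch on error_code rather than on error_message.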

✅ Recommended Approach

  • Use OAuth2 for production deployments
  • Use Basic Auth for initial development/testing
  • Always keep client credentials secure and rotate tokens regularly

🛠 Getting Credentials

  • Client credentials (Client ID and Secret) are issued by the REL-ID Admin using the Gateway Manager Console
  • Enterprises may use multiple credentials (Enterprise IDs) to isolate app flows by department or product