Reputation: 61
Artifactory REST API authentication types usage
Artifactory REST API provides the different types of authentication like Basic (Username/Password) / API Key / Access Token. My questions is, what is the basic difference between these authentication type mechanisms when client calls Artifactory REST APIs. In what scenarios these different Artifactory REST API authentication types are used ?
Upvotes: 4
Views: 3723
Answers (1)
Reputation: 20386
Basic Authentication - this is the least safe method from the three as it forces the user to keep the credentials, sometime in a clear text format (you should use encrypted passwords to avoid this). The main reason for supporting it are tools which does not support any other authentication means. Since Artifactory supports many different package types and a variety of clients, it has to support some technologies which still use basic authentication.
API Key - API keys offers an improvement over basic authentication as they can be revoked in case they are compromised. However, they do not have an expiry mechanism. Another limitation of API Keys is that they are attached to a user, which makes them less attractive to automation. Another limitation is that they are not designed to be shared between multiple instances of Artifactory.
Access Token - Access tokens offers many advantages: not bound to user and can serve CI jobs for example, offer time based access control, can be revoked, scoped, can be shared between multiple Artifactory instances.
Upvotes: 4
Related Questions
- Using Artifactory Java client with API Key?
- Add Artifactory repository via CLI or Rest
- Working of API keys in artifactory
- RESTful API Authentication
- Rest API and Artifactory
- apache Ivy authentication with artifactory
- Salesforce API authentication
- REST API Authorization type
- enforce authentication in downloading artifacts from Artifactory Pro using rest api's
- REST and authentication variants