This article describes the legacy User-based authentication. New consumers should use Client Certificate Authentication or Token Authentication instead.

Flowgear supports user authentication via Basic HTTP Authentication as well as session-based authentication.

Basic Authentication

When an endpoint is accessed through the browser for the first time, an HTTP 401 Unauthorized response will be returned which will cause the browser to present a login dialog. Once valid credentials have been captured, the browser will retain the authentication data for the remainder of the session

To programatically provide Basic Authentication, add the following HTTP Header to the request:

Authorization: Basic {base64sequence}

Where {base64sequence}  is a Base64 encoded representation of {username}:{password}

For example,  becomes bXluYW1lQG15Y29tcGFueS5jb206bXlwYXNzd29yZA== .

The full HTTP Header should be provided as 

Authorization: Basic bXluYW1lQG15Y29tcGFueS5jb206bXlwYXNzd29yZA==

Session Authentication

Add an authentication token to the querystring for the request using the identifier auth. For example:

The authentication token can be temporarily obtained from within the Flowgear Console. Open the Account Pane, then select About and copy the value in the Session ID Textbox. To programatically obtain an authentication token, use this request template:


If the supplied username and password are correct, an authorisation token will be returned as a JSON string. For example:


Did this answer your question?