Authentication with REST

HTTP clients authenticate to the HCL OneDB™ REST API through HTTP Basic Authentication using a user name and password known to the HCL OneDB database server.

Authentication in the REST API is ultimately done directly by the HCL OneDB database server. HTTP clients authenticate to REST using HTTP Basic Authentication. The REST API server will then establish a JDBC connection to the OneDB database server using the username and password sent by the HTTP client. This model ensures that the database server controls all user accounts and privileges and you can audit user activities and configure fine-grained access control directly on the database server.

After the first HTTP request that authenticates a user, the REST API returns a session cookie in the HTTP response using the Set-Cookie header. The session cookie name is onedb-rest.session. To re-use the same REST session, all subsequent HTTP requests should include the onedb-rest.session cookie. HTTP clients get better performance if they re-use their established REST session instead of re-authenticating with each subsequent HTTP request. REST sessions time out by default after 10 minutes of inactivity, but this duration can be configured with the rest.session.timeout property.
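
The following added example (not part of the HCL OneDB documentation or product code) shows the client-side flow described above: Basic credentials on the first request only, then the onedb-rest.session cookie on later requests. The local stand-in server, the credentials dbuser/dbpass, the cookie value s1 and the request path / are constructed assumptions so the example runs offline.

```python
import base64, threading, urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE = "onedb-rest.session"   # session cookie name given in the documentation
seen = []                       # per request: (sent Authorization?, sent session cookie?)

class StandIn(BaseHTTPRequestHandler):
    """Constructed stand-in for the REST server: Basic auth in, session cookie out."""
    def do_GET(self):
        auth = self.headers.get("Authorization")
        has_cookie = f"{COOKIE}=s1" in self.headers.get("Cookie", "")
        seen.append((auth is not None, has_cookie))
        expected = "Basic " + base64.b64encode(b"dbuser:dbpass").decode()
        if has_cookie:                      # established session, no credentials needed
            self.send_response(200)
        elif auth == expected:              # first request: authenticate, open a session
            self.send_response(200)
            self.send_header("Set-Cookie", f"{COOKIE}=s1; Path=/")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="rest"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):           # keep the demo quiet
        pass

def demo():
    seen.clear()
    server = HTTPServer(("127.0.0.1", 0), StandIn)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # Hypothetical URL. Basic credentials are only base64-encoded: use https when deployed.
    url = f"http://127.0.0.1:{server.server_port}/"
    jar = CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    # First request: credentials travel in the Authorization header.
    token = base64.b64encode(b"dbuser:dbpass").decode()
    first = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    status1 = opener.open(first).status
    # Later requests: no credentials; the cookie jar replays the session cookie.
    status2 = opener.open(url).status
    server.shutdown()
    server.server_close()
    return status1, status2, [c.name for c in jar], list(seen)

if __name__ == "__main__":
    print(demo())
```

Because the password is sent only once per session, the session cookie becomes the credential for every later request and should be protected in transit and in client storage accordingly.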