Custom HTTP Authorization Header

Question

I was wondering if it\'s acceptable to put custom data in an HTTP authorization header. We\'re designing a RESTful API and we may need a way to specify a custom method of au

Answer 1

No, that is not a valid production according to the "credentials" definition in RFC 2617. You give a valid auth-scheme, but auth-param values must be of the form token "=" ( token | quoted-string ) (see section 1.2), and your example doesn't use "=" that way.