Basic HTTP and Bearer Token Authentication

Question

I am currently developing a REST-API which is HTTP-Basic protected for the development environment. As the real authentication is done via a token, I\'m still trying to figu

Answer 1

If you are using a reverse proxy such as nginx in between, you could define a custom token, such as X-API-Token.

In nginx you would rewrite it for the upstream proxy (your rest api) to be just auth:

proxy_set_header Authorization $http_x_api_token;

... while nginx can use the original Authorization header to check HTTP AUth.