Authorizing HTTP requests by using the Zen API key

When you want a user agent to send authentication credentials to the Cloud Pak Platform UI (Zen) front door, it can use the Authorization header field.

About this task

To integrate your CP4BA deployment with, for example, an identity provider or call a REST API from a client application, you can use the Zen API key. To call a REST API, you need a token that is sent by the Zen API key. The string <username>:<api key> must be base64 encoded and then added to the Authorization header of the request. The encoded value must be prefixed with the identifier ZenApiKey, which specifies the Zen’s proprietary authentication scheme.

You can make a request to a Cloud Pak REST API by using a cURL command or a thin client (fat client). The following steps show how to encode the value of the Zen token in the Authorization header.

Procedure

Generate a base64 format of your user credentials.
```
printf "myusername:myapikey" | base64
```
On Linux, use base64 -w0 to avoid wrapping the encoded value. If you do not have base64 installed, use openssl.
```
printf "myusername:myapikey" | openssl base64
```
The output is an encoded value.
```
bXl1c2VybmFtZTpteWFwaWtleQ==
```
You can generate a new Platform API key for a specific username in the UI. For more information, see Generating API keys for authentication.

Construct your Authorization header with the ZenApiKey.

Authorization: ZenApiKey bXl1c2VybmFtZTpteWFwaWtleQ==

Use the header to construct a cURL command to call a Cloud Pak service.

curl 'https://zen-front-door-hostname/my-service' \
  -H 'Authorization: ZenApiKey bXl1c2VybmFtZTpteWFwaWtleQ=='