API requester basic authentication to IBM z/OS Connect

Basic authentication can be used between the z/OS application and the IBM z/OS Connect Server.

zosConnect-3.0 Applies to zosConnect-3.0.

Basic authentication is a simple authentication scheme that is built into the HTTP protocol. It requires the z/OS application to provide a user ID and password in the request.

For a z/OS application, a user ID and password must be sent from the z/OS application to z/OS Connect either as parameters on the Host API BAQINIT call.
For other z/OS applications, only the parameters on the Host API BAQINIT call can be used.

The z/OS Connect Server validates the user ID and password against a configured user registry. The user ID is set as the authenticated user.

The following diagram shows basic authentication between a z/OS application and a z/OS Connect Server.

Diagram shows how a z/OS application passes credentials to z/OS Connect for identification.

Typically, a SAF user ID and password are provided by the z/OS application for basic authentication when z/OS Connect acts as an API requester. Alternatively an LDAP distinguished name (or uid) and password, or a basic user registry user ID and password can be used.

When basic authentication is used, the credentials are encoded, but are not encrypted. Therefore, it is typically used with HTTPS (TLS) to provide confidentiality.