API authentication (!1065) · Merge requests · NebulousLabs / Sia

Christopher Schinnerl requested to merge api-auth into master Apr 14, 2016

Created by: VoidingWarranties

Authentication is implemented with HTTP basic auth. Passwords are sent in plaintext. Therefore API authentication should only be used if the API is only exposed over localhost. In the future, TLS can be used to encrypt API calls which will make it safe to use API authentication elsewhere.

It is safe to send passwords in plaintext over localhost as only root should be able to sniff localhost.

Authentication is enabled in siad by default. The --no-password flag can be used to disable it.

API authentication

Merge request reports