API authentication
Created by: VoidingWarranties
Authentication is implemented with HTTP basic auth. Passwords are sent in plaintext. Therefore API authentication should only be used if the API is only exposed over localhost. In the future, TLS can be used to encrypt API calls which will make it safe to use API authentication elsewhere.
It is safe to send passwords in plaintext over localhost as only root should be able to sniff localhost.
Authentication is enabled in siad by default. The --no-password
flag can be used to disable it.