Authentication and Authorization

The Web3 client APIs support user authentication via either HTTP user credentials or OAuth 1.0 credentials, or both. The credentials to be used are passed to the constructor for the TopicMapServiceClient or SchemaServiceClient class.

HTTP user credentials are passed in using an object that implements the .NET ICredentials interface. If your Web3 server is configured to use Windows Authentication (the default), then you can retrieve the current user's credentials using the System.Net.CredentialCache class. If the server is configured to accept Basic Authentication, credentials can be supplied by creating an instance of System.Net.NetworkCredential.

OAuth credentials consist of a consumer key and secret, and an access token and secret. The consumer key and secret relate to the application requesting access on behalf of a Web3 user, the access token and secret are provided by Web3 when the user grants the application permission to act on their behalf. These are all passed in to the client class constructor - the secret values are used only to sign requests and are never exposed over the wire.