Authentication
SINCE VERSION 1.0
What is Authentication?
Before you can call a pipeline or command from remote, you need to authenticate ("login") first. This can be done in different ways depending on your requirements.
Authentication via HTTP Header
You can authenticate using the HTTP header authorization. This header must be set with any remote call of the pipeline or command API endpoint.
Since HTTP header keys are case-insensitive, PIPEFORCE converts any incoming HTTP header key to lower case and uses its lower-case representation internally. This helps to avoid confusion with pipeline headers, whose keys are case-sensitive. The examples here therefore always use the lower-case HTTP key, although you can use other case styles if you want.
Basic Authentication
This authentication method takes the username and password, joined by a colon and then base64-encoded:
authorization: Basic <base64(username:password)>
For username alice and password foo, this looks like:
authorization: Basic YWxpY2U6Zm9v
If you're using curl, you can specify the -u argument so that curl handles the base64 encoding and header placement for you:
curl "https://ns.pipeforce.net/api/v3/command/..." -u "alice:foo"
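As an added example (not PIPEFORCE code; all function names are hypothetical), the following Python builds the Basic header value shown above, parses it back, and masks it before logging. The round trip shows that base64 is an encoding and not encryption, so the header belongs only on HTTPS connections and should be redacted from logs.

```python
from __future__ import annotations

import base64


def basic_auth_value(username: str, password: str) -> str:
    """Build the value of the authorization header for Basic authentication."""
    # The first colon separates username from password, so a username that
    # contains one cannot be parsed back; the password may contain colons.
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_auth(value: str) -> tuple[str, str]:
    """Recover (username, password) from a Basic header value."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic authorization value")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return username, password


def redact_for_log(headers: dict[str, str]) -> dict[str, str]:
    """Lower-case header keys and mask credentials before logging."""
    safe = {}
    for key, value in headers.items():
        key = key.lower()  # same normalisation the page describes
        if key == "authorization":
            scheme = value.partition(" ")[0]
            value = f"{scheme} <redacted>"  # keep the scheme, drop the secret
        safe[key] = value
    return safe


if __name__ == "__main__":
    # Constructed sample credentials taken from the page's own example.
    value = basic_auth_value("alice", "foo")
    print("authorization:", value)
    print(parse_basic_auth(value))
    print(redact_for_log({"Authorization": value, "Accept": "application/json"}))
```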
Bearer Authentication
This authentication type is mostly used as part of an OAuth 2.0 authentication flow.
First, your client needs to obtain the Bearer token from an OAuth2 exchange flow on an OAuth2 server, where the login credentials are exchanged for a Bearer token. You can then use this Bearer token in the HTTP header to authenticate PIPEFORCE command and other endpoint calls.
This approach requires a good knowledge of how OAuth2 works, which is out of scope for this documentation.
Once you have obtained the access token from your OAuth2 exchange flow, you can set it as Bearer token like this:
Here is an example of how you could obtain the Bearer access token from the PIPEFORCE IAM service for the client-id pipeforce.
In case you need to set up a custom OAuth2 client-id and secret in PIPEFORCE IAM, please contact support, since they will set up and maintain this for you.
Refresh Authentication
This authenticates using a refresh token from an OAuth 2.0 flow.
Authentication via IAM Command
In some cases, authentication must take place inside a pipeline. For this, there are different iam.* commands available. See the commands reference for details.
Whenever possible, you should use the HTTP Header Authentication methods and avoid using IAM command authentication. The IAM commands are intended only for special requirements.