Credentials are created on Cisco MSE through Cisco Prime Infrastructure:
• Requests are sent, after authentication, using GET and the resource needed.
• Authentication can be sent from the client side before the request, using the Authorization header.
• The username and password are combined into the string username: password.
• The resulting string literal is then encoded using Base64.
• The authorization method, a space, and the string Basic is then inserted before the encoded string.
For example, if the user agent uses Aladin as the username and sesame open as the password, the header is formed as follows:
Authorization: Basic QxhZGluOnNlc2FtIG9wZW4=
• Authentication can be requested from the server, using the HTTP 401 Not Authorized response code containing a WWW-Authenticate HTTP header.
• The header for basic authentication is constructed as follows:
WWW-Authenticate: Basic realm="MSE API Service"
• Authentication is sent to the root URI to be reached (for example, https://<mseip>/api/contextaware).
• From the main URI, GET is used to obtain information about a specific object: network design, location, or notification resources.
• In this release, CAS resources start with v1; for example:
MSE APIs uses Basic Authentication scheme to authenticate the API request. Each API Request, should contain the API access credentials in the Authorization header. The API credentials can be generated by the MSE Admin via the NCS by going to the Users and Groups page of the MSE. This page is located on NCS at Mobility Services > Specific MSE > System > Users
Note, that the user credentials have read and write permissions associated with it. User credentials without write permissions can only perform ‘GET’ operations on the REST API resources. In addition, certain APIs will only return the configurations created by the requesting user.
Reference - Cisco Connected Mobile Experiences Location Analytics: Deployment Guide for Cisco Mobility Services Engine 7.5 - Cisco