Authentication
Releval supports a number of authentication types for search endpoints.
Authentication Types
| Authentication Name | Type | Description |
|---|---|---|
| None | No authentication | |
| Bearer | bearer | Bearer Authentication |
| Basic | basic | Basic Authentication |
| AWS SigV4 | aws | Authentication for AWS-hosted services like AWS OpenSearch |
| Custom HTTP Header | custom | Supply your own HTTP header name and value |
Credentials are encrypted at rest and cannot be retrieved by users once set; they can only be overwritten.
It is recommended that authentication credentials provided to Releval are as limited in privileges as possible. Ideally they are:
- short-lived
- scoped specifically to the URL(s) that need to be accessed
- scoped to the HTTP method(s) required. For searches, this can often be the HTTP GET method, with which Releval is able to send an HTTP request body, if the search endpoint supports this.
Bearer Authentication
Bearer authentication (also known as token authentication) is an HTTP authentication scheme that sends the supplied token value in the Authorization HTTP header to the search endpoint:
Authorization: Bearer <token>
Basic Authentication
Basic authentication is an HTTP authentication scheme built into the HTTP protocol. It sends the supplied username and password as a Base64-encoded value in the Authorization HTTP header to the search endpoint. For example:
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
AWS SigV4 Authentication
AWS SigV4 Authentication (Signature Version 4) is a protocol for securely signing API requests to AWS services, such as AWS OpenSearch Service. It uses cryptographic hashing with your AWS access and secret keys to generate a signature that verifies both the identity of the sender and the integrity of the request.
A user provides the access_key, access_secret, and aws_region, which Releval will use to sign requests to
the endpoint.
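The signing steps described above, as an added example (not Releval's own code) that shows how the signature covers the request body and depends on the secret without transmitting it. The access_key, access_secret and aws_region parameters are named as on this page; the service name "es", the endpoint URL, the timestamp and the credential values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_headers(method, url, body, access_key, access_secret, aws_region,
                  amz_date, service="es"):
    """Return the headers SigV4 adds to one request (body is bytes).

    Assumptions of this example: service="es", and a URL whose query string
    is empty or already sorted and URI-encoded.
    """
    parts = urlsplit(url)
    payload_hash = hashlib.sha256(body).hexdigest()
    # 1. Canonical request: method, path, query, headers, header list, body hash.
    headers = {"host": parts.netloc, "x-amz-content-sha256": payload_hash,
               "x-amz-date": amz_date}
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        method, parts.path or "/", parts.query,
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed, payload_hash])
    # 2. String to sign: ties the request hash to a date/region/service scope.
    scope = f"{amz_date[:8]}/{aws_region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # 3. Signing key is derived from the secret; the secret is never sent.
    key = _hmac(("AWS4" + access_secret).encode(), amz_date[:8])
    for part in (aws_region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = _hmac(key, to_sign).hex()
    return {"x-amz-date": amz_date, "x-amz-content-sha256": payload_hash,
            "Authorization": f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                             f"SignedHeaders={signed}, Signature={signature}"}


# Constructed sample values: not real credentials or a real endpoint.
SAMPLE = dict(method="GET", url="https://search.example.com/products/_search",
              access_key="AKIAEXAMPLEKEY", access_secret="constructed-secret",
              aws_region="us-east-1", amz_date="20240101T120000Z")

if __name__ == "__main__":
    query = b'{"query": {"match_all": {}}}'
    for name, value in sigv4_headers(body=query, **SAMPLE).items():
        print(f"{name}: {value}")
```

Because the body hash and the date scope are both signed, a request altered in transit or replayed outside the timestamp window the service accepts fails verification at the endpoint.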
Custom HTTP Header Authentication
Custom HTTP Header Authentication provides a simple and flexible mechanism for providing custom authentication for a
search endpoint. It sends the supplied header and value as the HTTP header name and HTTP header value, respectively,
for requests to the search endpoint.