Outbound REST messages support multiple types of authentication.

Different web service providers may require a specific type of authentication. Outbound REST supports the following authentication formats.
  • Basic authentication using a username and password
  • OAuth 2.0 using an OAuth provider and profile
  • Mutual authentication using protocol profiles

Overriding REST authentication

You can define authentication for a REST message, or individually for each HTTP method. HTTP methods inherit authentication from their parent REST message record when the HTTP method Authentication type is Inherit from parent, which is the default value.

You can disable authentication for a specific HTTP method by setting the Authentication type field to No authentication, or specify authentication that is different from the parent REST message by selecting basic auth or OAuth.

Authentication requirements

Authentication requirement for REST Outbound are as follows:

  • Outbound REST supports mutual authentication only when using basic authentication. Mutual authentication is not available with OAuth 2.0.
  • OAuth 2.0 can be used only with messages that are not configured to use a MID Server. You cannot send OAuth 2.0 authenticated messages through a MID Server. Also, mutual authentication is not supported with MID Server.
  • When scripting new REST messages configured with authentication you must use the RESTMessageV2 API. The legacy RESTMessage APIs do not support current authentication formats.
  • AWS credentials or any other custom authentication are supported only with the REST step, not with the RestMessage API.