Authentication: How Do I Tell Who I Am

The TBXDS engine requires you to send authentication information inside your data request. The authentication is simply a user-name setting, and possibly a user-key.

Most importantly, though, your IP address is checked and matched with your registration at Infront. This means it's rather useless to try to fake user names and keys. Since the IP address is used by the HTTP protocol to send the data back to the client, faking an IP-address is also not very likely to work.

Note

Earlier versions of the TBXDS service used two HTTP headers for authentication, outside of the xml request (i.e., USER and PWD; depending on the server software used, these can also be known as HTTP_USER and HTTP_PWD). The current version of the TBXDS has replaced this rather fragile method with the more robust forementioned attribute values.

Note that the location of the authentication does not make the TBXDS service either more or less 'safe', since the HTTP variables and xml attributes are passed through the same 'unsafe' HTTP protocol. The real protection lies in the restriction of IP-addresses.