https://community.cisco.com/t5/network-platform-api/http-x-auth-token-versus-http-authorization/m-p/5299258#M8553 <P>Hello, everyone.</P> <P>I am early into automation for my ENCOR 350-401 exam and I have a question.</P> <P>When we work with HTTP/HTTPs when making REST API calls, the&nbsp;<STRONG>Authorization&nbsp;</STRONG>header is used to provide authentication parameters such as username/password.</P> <P>When sending API calls to Cisco Catalyst Center in the Devnet Sandbox, you must first pass in credentials that will generate a token. You then use this token to authenticate yourself for any further requests.</P> <P>When providing the token, why can't I just use the&nbsp;<STRONG>Authorization&nbsp;</STRONG>header and insert the token there?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Mitrixsen_0-1749898918017.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/246480i8B43C355B817B5A5/image-size/large?v=v2&amp;px=999" role="button" title="Mitrixsen_0-1749898918017.png" alt="Mitrixsen_0-1749898918017.png" /></span></P> <P>Why is&nbsp;<STRONG>X-Auth-Token&nbsp;</STRONG>necessary instead? How does the operation differ? Why does one work but not the other one?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Mitrixsen_1-1749898985030.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/246481iF4264799D89EC1BD/image-size/large?v=v2&amp;px=999" role="button" title="Mitrixsen_1-1749898985030.png" alt="Mitrixsen_1-1749898985030.png" /></span></P> <P>Thank you.</P> <P>David</P> Sat, 14 Jun 2025 11:03:46 GMT Mitrixsen 2025-06-14T11:03:46Z https://community.cisco.com/t5/network-platform-api/http-x-auth-token-versus-http-authorization/m-p/5299258#M8553 <P>Hello, everyone.</P> <P>I am early into automation for my ENCOR 350-401 exam and I have a question.</P> <P>When we work with HTTP/HTTPs when making REST API calls, the&nbsp;<STRONG>Authorization&nbsp;</STRONG>header is used to provide authentication parameters such as username/password.</P> <P>When sending API calls to Cisco Catalyst Center in the Devnet Sandbox, you must first pass in credentials that will generate a token. You then use this token to authenticate yourself for any further requests.</P> <P>When providing the token, why can't I just use the&nbsp;<STRONG>Authorization&nbsp;</STRONG>header and insert the token there?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Mitrixsen_0-1749898918017.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/246480i8B43C355B817B5A5/image-size/large?v=v2&amp;px=999" role="button" title="Mitrixsen_0-1749898918017.png" alt="Mitrixsen_0-1749898918017.png" /></span></P> <P>Why is&nbsp;<STRONG>X-Auth-Token&nbsp;</STRONG>necessary instead? How does the operation differ? Why does one work but not the other one?</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Mitrixsen_1-1749898985030.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/246481iF4264799D89EC1BD/image-size/large?v=v2&amp;px=999" role="button" title="Mitrixsen_1-1749898985030.png" alt="Mitrixsen_1-1749898985030.png" /></span></P> <P>Thank you.</P> <P>David</P> Sat, 14 Jun 2025 11:03:46 GMT https://community.cisco.com/t5/network-platform-api/http-x-auth-token-versus-http-authorization/m-p/5299258#M8553 Mitrixsen 2025-06-14T11:03:46Z https://community.cisco.com/t5/network-platform-api/http-x-auth-token-versus-http-authorization/m-p/5299266#M8554 <P>Hey&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1297969">@Mitrixsen</a>&nbsp;<SPAN>design choice for this API. Many APIs use the standard auth bear way</SPAN><SPAN>, but you still find many enterprise systems using custom headers like this.</SPAN></P> <P><SPAN>If you did put the same token in the auth header instead, the servers authentication code just opts to ignores it, as its not checking that header location for tokens and the middleware does not even look at auth header during its token validation process.</SPAN></P> <P><SPAN>Hope this helps.</SPAN></P> <P>&nbsp;</P> Sat, 14 Jun 2025 12:17:15 GMT https://community.cisco.com/t5/network-platform-api/http-x-auth-token-versus-http-authorization/m-p/5299266#M8554 bigevilbeard 2025-06-14T12:17:15Z