Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
128
Views
1
Helpful
1
Replies

HTTP X-Auth-Token versus HTTP Authorization

Go to solution
Mitrixsen
Level 1
Level 1

‎06-14-2025 04:03 AM

Hello, everyone.

I am early into automation for my ENCOR 350-401 exam and I have a question.

When we work with HTTP/HTTPs when making REST API calls, the Authorization header is used to provide authentication parameters such as username/password.

When sending API calls to Cisco Catalyst Center in the Devnet Sandbox, you must first pass in credentials that will generate a token. You then use this token to authenticate yourself for any further requests.

When providing the token, why can't I just use the Authorization header and insert the token there?

Mitrixsen_0-1749898918017.png

Why is X-Auth-Token necessary instead? How does the operation differ? Why does one work but not the other one?

Mitrixsen_1-1749898985030.png

Thank you.

David

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
bigevilbeard
VIP
VIP

‎06-14-2025 05:17 AM

Hey @Mitrixsen design choice for this API. Many APIs use the standard auth bear way, but you still find many enterprise systems using custom headers like this.

If you did put the same token in the auth header instead, the servers authentication code just opts to ignores it, as its not checking that header location for tokens and the middleware does not even look at auth header during its token validation process.

Hope this helps.

 

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

View solution in original post

1 Reply 1

Go to solution
bigevilbeard
VIP
VIP

‎06-14-2025 05:17 AM

Hey @Mitrixsen design choice for this API. Many APIs use the standard auth bear way, but you still find many enterprise systems using custom headers like this.

If you did put the same token in the auth header instead, the servers authentication code just opts to ignores it, as its not checking that header location for tokens and the middleware does not even look at auth header during its token validation process.

Hope this helps.

 

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
Customers Also Viewed These Support Documents