For our api user we need two styles of authentication: authenticate the api-user (mobile-device,

Question

0

Editorial Team

Asked: May 16, 20262026-05-16T23:00:44+00:00 2026-05-16T23:00:44+00:00

For our api user we need two styles of authentication: authenticate the api-user (mobile-device,

0

For our api user we need two styles of authentication:

authenticate the api-user (mobile-device, partner integration)
authenticate a specific “normal” user, which owns data on our side

The standard challenge vs. response is handled through WWW-Authenticate and Authorization Headers. I want to reuse this.

I have following use-case: On first level we authenticate the api-user (e.g. mobile device), for some api-actions we also need to authenticate a user (e.g. user of mobile device). So we have a special case where we need two authentications schemes “at once”.

Looking at http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html I cannot see that having two different schemes inside one ‘Authorization’ Header is possible.


// I just made up delimiter ';'
Authorization: Digest .... ; CustomXXX ...

Am I correct, if so is there an alternative?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-16T23:00:45+00:00

Editorial Team

2026-05-16T23:00:45+00:00Added an answer on May 16, 2026 at 11:00 pm

No, Authorization can only take one set of credentials.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

For our api user we need two styles of authentication: authenticate the api-user (mobile-device,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply