Authentication

A REST-based management application communicates with a configuration service running on the Admin Server (the Traffic Manager-based service used to provide the Admin UI), so the same security considerations apply:

•REST requests are authenticated using HTTP Basic Auth.

•REST traffic over HTTPS is automatically encrypted using SSL. Traffic over HTTP is not encrypted, so should only be used inside a secure environment or to/from localhost.

•The Traffic Manager Admin Server authenticates itself with its SSL certificate, which is generally self-signed. You might need to ensure that your REST application accepts self-signed certificates, or install a trusted SSL certificate in your Traffic Manager.

•REST requests are authenticated using the same user credentials as defined in the Administration Server. Individual object access is synonymous with page access in the Admin UI. For example, if a user wishes to view and manipulate pool objects, they must have been granted access to pools on the access permissions page.