Enhance Project Resources with Request Header Authorization Mechanisms #6
Description
The project resources currently rely on session-based authorization for protecting access. This works well for browser-based clients.
To enable more flexibility for non-browser clients and integrations, we should add support for request header authorization using Basic Auth.
With Basic Auth, the client would pass an account_sid and auth_token in the request headers rather than relying on a session cookie.
Proposed Solution:
- Allow a header like Authorization: Basic <base64encoded[account_sid:auth_token]>
- The account_sid/auth_token can be validated against each user's account
- Session-based auth would continue to work alongside Basic Auth
Benefits:
This would enable building integrations and non-browser clients while continuing to support the current browser-based flows.