We're running CA Access Gateway (SPS), and we'd like to know what type of action (GET or POST) is recommended to use the REST base authentication. We're afraid that if a POST action is used, the credentials could show up in the CA Access Gateway (SPS) logs and traces.
As per our documentation, the REST Interface doesn't put the data in the URL, but set it as headers :
A URI in this format:
posts the following request:
Authentication REST Interface
So, the credentials won't show up in any log or traces.
More, the GET action is for the Authentication request, and the POST is the action for the Authorization.
See the sample in the same documentation page :
A URI in this format, http://hostname:port/authazws/AuthRestService/login/appID/Resource, posts the following request:
Authorization REST Interface
The REST interface for authorization is http://hostname:port/authazws/AuthRestService/authz/appID/Resource:
KB : TEC1252652