3.1 Access Signature (HTTP Header)
Access to the Thru REST API is secured through the usage of session identifier provided as part of the request header.
This session identifier should be received from the Authenticator service (see below).
All interactions with Thru REST Services API should take place over HTTPS.
However some actions that do not require security mechanisms should be available over HTTP.
Also session identifier allows the API to identify the caller and enforce the necessary access rules to the invoked endpoint.
Note: Not all endpoints require authenticated access.
If an endpoint does require authenticated access, the client needs to pass session ID in the Authorization request header: