DreamFactory services can be authenticated using Basic Authentication or OAuth 2.0.
# DreamFactory Security
Let's read some basics first:
Securing the Mobile Enterprise
# Authentication and Authorization
Out of the box, applications authenticate with DreamFactory using Basic Authentication. There is a full description of how this works on dreamfactory.com.
However, you can also use OAuth 2.0 for users to log into a DreamFactory service: dreamfactory.com
See also: DreamFactory and OAuth
# Example
Below we use curl to log into DreamFactory as an Admin and get a DreamFactory session token:
```
curl -i -X POST "http://localhost:8080/api/v2/system/admin/session" \
  -H "Content-Type: application/json" \
  -d '{ "email" : "you@you.com", "password" : "your_password" }'
```
You can also explore this on the live API over at dreamfactory.com.
Once we have logged in, we can make an API call to a DreamFactory service that the logged-in user has access to.
DreamFactory combines the request URL from the client with the configured base URL for the service to generate the actual URL for the request. You can now call any MapQuest Geocoding API endpoint with a DreamFactory session!
In the example below we call the MapQuest Geocoding API with a street address:
```
curl -i -X GET "http://localhost:8080/api/v2/mapquest_geocoding/address?location=100%20Park%20Ave%2C%20New%20York%2C%20NY" \
  -H "X-DreamFactory-Api-Key: <api key for the admin app in the apps tab>" \
  -H "X-DreamFactory-Session-Token: <session token returned by the login api call above>"
```
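The same login-then-call flow as a script, added here as an example (not code from the original page or from DreamFactory). It keeps the password off the command line and refuses to send credentials over plain HTTP to anything but loopback. It assumes the login response carries the token in a `session_token` field; the environment variable names `DF_URL`, `DF_EMAIL` and `DF_API_KEY` are hypothetical.

```python
import json
import urllib.parse
import urllib.request

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def check_transport(base_url):
    """Allow plain HTTP only for loopback; credentials and tokens need TLS elsewhere."""
    u = urllib.parse.urlsplit(base_url)
    if u.scheme == "https" or (u.scheme == "http" and u.hostname in LOCAL_HOSTS):
        return base_url.rstrip("/")
    raise ValueError(f"refusing to send credentials to {base_url!r} without TLS")

def login_request(base_url, email, password):
    """Build the POST to /api/v2/system/admin/session from the curl example."""
    body = json.dumps({"email": email, "password": password}).encode()
    return urllib.request.Request(
        check_transport(base_url) + "/api/v2/system/admin/session",
        data=body, method="POST", headers={"Content-Type": "application/json"})

def extract_token(response_body):
    """Read the session token from the login response (field name is an assumption)."""
    token = json.loads(response_body).get("session_token")
    if not isinstance(token, str) or not token:
        raise ValueError("login response carried no session token")
    return token

def service_request(base_url, service, resource, params, api_key, token):
    """Build a GET to /api/v2/<service>/<resource> carrying both DreamFactory headers."""
    path = "/api/v2/{}/{}".format(urllib.parse.quote(service, safe=""),
                                  urllib.parse.quote(resource, safe=""))
    query = urllib.parse.urlencode(params, quote_via=urllib.parse.quote)
    return urllib.request.Request(
        check_transport(base_url) + path + "?" + query, method="GET",
        headers={"X-DreamFactory-Api-Key": api_key,
                 "X-DreamFactory-Session-Token": token})

def send(request, timeout=10):
    """Send a prepared request and return the raw response body."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.read()

if __name__ == "__main__":
    import getpass, os  # secrets come from a prompt or the environment, never argv
    base = os.environ.get("DF_URL", "http://localhost:8080")  # hypothetical variable names
    token = extract_token(send(login_request(base, os.environ["DF_EMAIL"], getpass.getpass())))
    geo = service_request(base, "mapquest_geocoding", "address",
                          {"location": "100 Park Ave, New York, NY"}, os.environ["DF_API_KEY"], token)
    print(send(geo).decode())
```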
# Note on statelessness
You might think that this violates the stateless requirement of RESTful calls, but basic authentication with authentication caching is the way to go:
- Do sessions violate RESTfulness? - stackoverflow
- Understanding RESTful stateless? - stackoverflow
# See also
- Microservices
- DreamFactory
- DreamFactory Services
- Reusable APIs
- DreamFactory Wiki - Reusable APIs