The REST services provided by Axon.ivy are by default protected by HTTP BASIC authentication. We suggest that you use HTTPS to communicate with the provided services, since HTTP BASIC sends passwords in cleartext. All Axon.ivy users of an application can be used to authenticate against the REST service.
Since 6.4 you can customize the security for each service or even on single methods:
- `@javax.annotation.security.PermitAll`: allows unauthenticated access to anonymous users
- `@javax.annotation.security.RolesAllowed`: users must be authenticated and own the defined roles
- `@javax.annotation.security.DenyAll`: nobody is allowed to invoke this service
- See the **SecureService** in the **ConnectivityDemos** for a demo:
- Or look at the Jersey chapter about secure annotations. https://jersey.java.net/documentation/latest/security.html#annotation-based-security
![alt text][1]
[1]: http://answers.axonivy.com/upfiles/secureRestService.PNG
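
The following resource is an added example, not the SecureService from the ConnectivityDemos: it combines the three annotations at service and method level. The path `orders`, the class and method names, and the roles `Employee` and `Manager` are hypothetical.

```java
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.SecurityContext;

// Hypothetical service: the class-level annotation is the default for every
// method that does not carry its own security annotation.
@Path("orders")
@RolesAllowed("Employee")
public class OrderResource {

  // Method-level @PermitAll overrides the class default: anonymous callers
  // may reach this endpoint, so it must not return anything sensitive.
  @GET
  @Path("status")
  @PermitAll
  @Produces(MediaType.TEXT_PLAIN)
  public String status() {
    return "up";
  }

  // No method annotation: inherits @RolesAllowed("Employee") from the class.
  // The caller is authenticated here, so the principal is available.
  @GET
  @Path("{id}")
  @Produces(MediaType.TEXT_PLAIN)
  public String read(@PathParam("id") String id, @Context SecurityContext security) {
    return "order " + id + " read by " + security.getUserPrincipal().getName();
  }

  // Stricter than the class default: only users owning the Manager role.
  @DELETE
  @Path("{id}")
  @RolesAllowed("Manager")
  public void delete(@PathParam("id") String id) {
    // deletion logic would go here
  }

  // Kept in the code base but closed to every caller, whatever their roles.
  @GET
  @Path("export")
  @DenyAll
  public String export() {
    return "never returned";
  }
}
```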