Space Scope

Each API request is restricted to the Space that is indicated by the path parameter in the URL. In other words, responses will only contain results for items that are associated to the Space that is being accessed. Security policies are also evaluated to ensure only items the user has access to are returned in the response.

If an API request was sent to get a list of Kapps, only Kapps associated to the Space that the current user has access to will be returned. The response will not contain any Kapps associated to a different Space in the system, and it will not contain any Kapps that the user does not have access to.

Authentication

Most of the API requests require user authentication. If an authenticated session has already been established, then the user identity held in the session will be used. Otherwise a Basic Authentication header can be included with the request, supplying the token associated to the username and password for the Space user.

Kinetic Core currently only supports HTTP Basic authentication for REST API access.

HTTP Basic Authentication

Combine the username and password into a string separated by a colon (:)
```
username:password
```
Encode the string using Base64
Add the encoded string to your request using the Authorization header, prefixed with Basic
```
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
```

Response Format

All responses will be returned using the JSON format.