
Authentication Overview

The Sistema de Gestión de Propiedades API uses HTTP Basic Authentication to secure administrative operations. Public read endpoints don’t require authentication, but creating, updating, or deleting properties requires valid credentials.

Authentication Model

Public Endpoints (No Auth Required)

These endpoints are publicly accessible:
  • GET /api/propiedades - List all properties
  • GET /api/propiedades/{id} - Get a specific property
  • GET /doc - OpenAPI specification
  • GET /ui - Swagger UI

Protected Endpoints (Basic Auth Required)

These administrative endpoints require authentication:
  • POST /api/propiedades - Create a new property
  • PATCH /api/propiedades/{id} - Update a property
  • DELETE /api/propiedades/{id} - Delete a property
  • GET /api/auth/verify - Verify credentials

HTTP Basic Authentication

Basic Authentication is a simple authentication scheme built into the HTTP protocol. Credentials are sent as base64-encoded username:password pairs in the Authorization header.

How It Works

  1. Combine credentials - Concatenate your username and password with a colon: username:password
  2. Encode to base64 - Encode the string using base64 encoding
  3. Add Authorization header - Send the encoded credentials in the Authorization header with the Basic prefix

Example

If your credentials are:
  • Username: admin
  • Password: secret123
The header would be:
Authorization: Basic YWRtaW46c2VjcmV0MTIz
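
The three steps and the admin / secret123 example above, as an added JavaScript example (not part of the API's own code; the helper names encodeBasic, decodeBasic and authHeaders are hypothetical). It also runs the encoding in reverse, which needs no key and is why the header protects nothing without HTTPS, and it returns null for the malformed headers that the API rejects with 401.

```javascript
// Added example; helper names are hypothetical, not part of the API's code.

// Steps 1-3: join with ':', base64-encode the UTF-8 bytes, add the "Basic " prefix.
function encodeBasic(username, password) {
  // The first ':' splits the pair, so a username cannot contain one.
  if (username.includes(':')) throw new Error('username must not contain ":"');
  const bytes = new TextEncoder().encode(`${username}:${password}`);
  // btoa() rejects code points above 0xFF, so pass it the UTF-8 bytes.
  return 'Basic ' + btoa(String.fromCharCode(...bytes));
}

// The reverse needs no key. Returns null for a missing or malformed header.
function decodeBasic(header) {
  const match = /^Basic +([A-Za-z0-9+\/]+={0,2})$/i.exec(header ?? '');
  if (!match) return null;
  let text;
  try {
    const bytes = Uint8Array.from(atob(match[1]), (ch) => ch.charCodeAt(0));
    text = new TextDecoder('utf-8', { fatal: true }).decode(bytes);
  } catch {
    return null; // invalid base64, or bytes that are not valid UTF-8
  }
  const sep = text.indexOf(':');
  if (sep === -1) return null; // no username:password separator
  // Split on the first ':' only: passwords may contain colons.
  return { username: text.slice(0, sep), password: text.slice(sep + 1) };
}

// Client-side guard: only attach credentials to https:// URLs.
function authHeaders(url, username, password) {
  if (new URL(url).protocol !== 'https:') {
    throw new Error(`refusing to send Basic credentials to ${url}`);
  }
  return { Authorization: encodeBasic(username, password) };
}

// Constructed sample values, taken from the example on this page.
console.log(encodeBasic('admin', 'secret123'));
console.log(decodeBasic('Basic YWRtaW46c2VjcmV0MTIz'));
```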

Making Authenticated Requests

# Using -u flag (easiest)
curl -u username:password \
  https://idforideas-1.jamrdev.com.ar/api/propiedades

# Using Authorization header (printf avoids the non-portable `echo -n`)
curl -H "Authorization: Basic $(printf '%s' 'username:password' | base64)" \
  https://idforideas-1.jamrdev.com.ar/api/propiedades

Verifying Credentials

Before saving credentials in your application, you can verify them using the verification endpoint:
curl -u username:password \
  https://idforideas-1.jamrdev.com.ar/api/auth/verify
Success Response (200):
{
  "authenticated": true,
  "user": "username"
}
Failure Response (401):
{
  "error": "Unauthorized"
}
Use the verify endpoint to validate credentials before storing them in your application’s state or configuration.

Security Best Practices

Always use HTTPS when making authenticated requests. Basic Auth credentials are only base64-encoded, not encrypted.

Recommendations

  1. Use HTTPS Only - The API is served over HTTPS, ensuring credentials are encrypted in transit
  2. Don’t Hardcode Credentials - Store credentials in environment variables or secure configuration
  3. Rotate Credentials Regularly - Update passwords periodically
  4. Limit Credential Exposure - Only share admin credentials with trusted team members
  5. Validate Before Storing - Use the /api/auth/verify endpoint before persisting credentials

Environment Variables

For deployment, credentials are configured using Cloudflare Workers environment variables:
  • ADMIN_USER - Administrator username
  • ADMIN_PASS - Administrator password
See the Environment Variables guide for setup instructions.

Error Responses

401 Unauthorized

Returned when:
  • No Authorization header is provided
  • Credentials are invalid
  • Credentials are malformed
{
  "error": "Unauthorized"
}

Example Error Scenario

# Request without authentication
curl -X POST https://idforideas-1.jamrdev.com.ar/api/propiedades \
  -H "Content-Type: application/json" \
  -d '{"ciudad": "Buenos Aires"}'

# Response: 401 Unauthorized

Implementation Details

The API uses Hono’s basicAuth middleware to validate credentials:
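// Source: Backend/src/middlewares/auth.ts
import { basicAuth } from 'hono/basic-auth'
import type { Context, Next } from 'hono'

// Cloudflare Workers bindings are only reachable through the request context
// (c.env), so the basicAuth middleware is built per request, not at module load.
export const adminAuthMiddleware = async (c: Context, next: Next) => {
  const auth = basicAuth({
    username: c.env.ADMIN_USER,
    password: c.env.ADMIN_PASS,
  })

  return auth(c, next)
}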

Next Steps

  • Basic Auth Details - Deep dive into Basic Authentication implementation
  • Environment Variables - Configure authentication credentials for deployment
  • Creating Properties - Use authentication to create properties
  • Verify Endpoint - API reference for credential verification
