N1QL REST API document is not consistent on credential part


I’m reading the document for N1QL REST API: http://developer.couchbase.com/documentation/server/4.5/n1ql/n1ql-rest-api/index.html, and I noticed that under Request parameters section, in the description of creds parameter, it says:

If credentials are supplied in the request header (that is, using HTTP basic authentication), then creds is ignored

However, if you scroll down to Authentication parameters section, it says:

If a request contains both HTTP basic authentication header and a creds parameter, the HTTP basic authentication header is ignored

It’s confusing to me, and I want to know which part is correct?


Hi @johan_larson, please take a look.

Already on it, Gerald.

Steven, if you supply both basic authorization and the “creds” parameter, we use the basic authorization.

I just tested this on the current codebase. With a bucket “customer” having password “key”, this works:

curl http://localhost:8093/query/service -d "statement=select count(*) from customer&creds=[{\"user\":\"customer\",\"pass\":\"wrong\"}]" -u customer:key

This does not:

curl http://localhost:8093/query/service -d "statement=select count(*) from customer&creds=[{\"user\":\"customer\",\"pass\":\"key\"}]" -u customer:wrong

Accordingly, we are using the basic authorization info, not the creds array, when both are present.

1 Like