Authentication and authorization
Authentication and authorization are enabled by default in Neo4j (refer to Operations Manual → Authentication and authorization). With authentication and authorization enabled, requests to the HTTP API must be authorized using the username and password of a valid user.
Missing authorization
If an Authorization
header is not supplied, the server will reply with an error.
Example request
-
POST http://localhost:7474/db/neo4j/tx/commit
-
Accept: application/json;charset=UTF-8
-
Content-Type: application/json
{
"statements": [
{
"statement": "CREATE (n:MyLabel) RETURN n"
}
]
}
Example response
-
401: Unauthorized
-
Content-Type: application/json;charset=utf-8
-
WWW-Authenticate: Basic realm="Neo4j"
{
"errors" : [ {
"code" : "Neo.ClientError.Security.Unauthorized",
"message" : "No authentication header supplied."
} ]
}
If authentication and authorization have been disabled, HTTP API requests can be sent without an |
Incorrect authentication
If an incorrect username or password is provided, the server replies with an error.
Example request
-
POST http://localhost:7474/db/neo4j/tx/commit
-
Accept: application/json;charset=UTF-8
-
Authorization: Basic bmVvNGo6aW5jb3JyZWN0
-
Content-Type: application/json
{
"statements": [
{
"statement": "CREATE (n:MyLabel) RETURN n"
}
]
}
Example response
-
401: Unauthorized
-
Content-Type: application/json;charset=utf-8
-
WWW-Authenticate: Basic realm="Neo4j"
{
"errors" : [ {
"code" : "Neo.ClientError.Security.Unauthorized",
"message" : "Invalid username or password."
} ]
}
Authentication failure on open transactions
A Neo.ClientError.Security.Unauthorized
error will typically imply a transaction rollback.
However, due to the way authentication is processed in the HTTP server, the transaction will remain open.
Was this page helpful?