Authentication and authorization

This chapter describes the authentication and authorization required to use the HTTP API.

This chapter includes the following sections:

Introduction
Missing authorization
Incorrect authentication

1. Introduction

Authentication and authorization are enabled by default in Neo4j (refer to Operations Manual → Authentication and authorization). With authentication and authorization enabled, requests to the HTTP API must be authorized using the username and password of a valid user.

2. Missing authorization

If an Authorization header is not supplied, the server will reply with an error.

Example request

POST http://localhost:36525/db/neo4j/tx/commit
Accept: application/json;charset=UTF-8
Content-Type: application/json

{
  "statements" : [ {
    "statement" : "CREATE (n:MyLabel) RETURN n"
  } ]
}

Example response

401: Unauthorized
Content-Type: application/json;charset=utf-8
WWW-Authenticate: Basic realm="Neo4j"

{
  "errors" : [ {
    "code" : "Neo.ClientError.Security.Unauthorized",
    "message" : "No authentication header supplied."
  } ]
}

If authentication and authorization have been disabled, HTTP API requests can be sent without an Authorization header.

3. Incorrect authentication

If an incorrect username or password is provided, the server replies with an error.

Example request

POST http://localhost:35367/db/neo4j/tx/commit
Accept: application/json;charset=UTF-8
Authorization: Basic bmVvNGo6aW5jb3JyZWN0
Content-Type: application/json

{
  "statements" : [ {
    "statement" : "CREATE (n:MyLabel) RETURN n"
  } ]
}

Example response

401: Unauthorized
Content-Type: application/json;charset=utf-8
WWW-Authenticate: Basic realm="Neo4j"

{
  "errors" : [ {
    "code" : "Neo.ClientError.Security.Unauthorized",
    "message" : "Invalid username or password."
  } ]
}

Was this page helpful?