This chapter describes authentication and authorization using the Neo4j HTTP API.
This chapter includes the following sections:
Authentication and authorization are enabled by default in Neo4j (refer to Operations Manual → Enabling authentication and authorization). This means that requests to the HTTP API must be authorized using the username and password of a valid user.
When Neo4j is newly installed, the default user neo4j has the default password neo4j.
The default password must be changed before access to resources will be permitted.
See Section 3.8, “Changing the user password” for how to set a new password.
Authenticate by sending a username and a password to Neo4j using HTTP Basic Auth.
Requests should include an Authorization header with a value of Basic <payload>, where payload is a base64-encoded string of username:password.
Example request
Example response
{
"password_change_required" : false,
"password_change" : "http://localhost:7474/user/neo4j/password",
"username" : "neo4j"
}If an Authorization header is not supplied, the server will reply with an error.
Example request
Example response
{
"errors" : [ {
"code" : "Neo.ClientError.Security.Unauthorized",
"message" : "No authentication header supplied."
} ]
}|
If authentication and authorization have been disabled, HTTP API requests can be sent without an |
If an incorrect username or password is provided, the server replies with an error.
Example request
Example response
{
"errors" : [ {
"code" : "Neo.ClientError.Security.Unauthorized",
"message" : "Invalid username or password."
} ]
}In some cases, for example the very first time Neo4j is accessed, the user will be required to choose a new password. The database will signal that a new password is required and deny access.
See Section 3.8, “Changing the user password” for how to set a new password.
Example request
Example response
{
"password_change" : "http://localhost:7474/user/neo4j/password",
"errors" : [ {
"code" : "Neo.ClientError.Security.Forbidden",
"message" : "User is required to change their password."
} ]
}On first access, and using the default password, the user status will indicate that the users password requires changing.
Example request
Example response
{
"password_change_required" : true,
"password_change" : "http://localhost:7474/user/neo4j/password",
"username" : "neo4j"
}Given that you know the current password, you can ask the server for the user status.
Example request
Example response
{
"password_change_required" : false,
"password_change" : "http://localhost:7474/user/neo4j/password",
"username" : "neo4j"
}Given that you know the current password for a user, you can ask the server to change that user’s password. You can choose any password as long as it is different from the current password.
Example request
{
"password" : "secret"
}Example response