Authentication and authorization
This chapter describes the authentication and authorization required to use the HTTP API.
This chapter includes the following sections:
1. Introduction
Authentication and authorization are enabled by default in Neo4j (refer to Operations Manual → Authentication and authorization). With authentication and authorization enabled, requests to the HTTP API must be authorized using the username and password of a valid user.
2. Missing authorization
If an Authorization header is not supplied, the server will reply with an error.
Example request
- POST http://localhost:41595/db/neo4j/tx/commit
- Accept: application/json;charset=UTF-8
- Content-Type: application/json
{
  "statements" : [ {
    "statement" : "CREATE (n:MyLabel) RETURN n"
  } ]
}
Example response
- 401: Unauthorized
- Content-Type: application/json;charset=utf-8
- WWW-Authenticate: Basic realm="Neo4j"
{
  "errors" : [ {
    "code" : "Neo.ClientError.Security.Unauthorized",
    "message" : "No authentication header supplied."
  } ]
}
If authentication and authorization have been disabled, HTTP API requests can be sent without an |
3. Incorrect authentication
If an incorrect username or password is provided, the server replies with an error.
Example request
- POST http://localhost:41859/db/neo4j/tx/commit
- Accept: application/json;charset=UTF-8
- Authorization: Basic bmVvNGo6aW5jb3JyZWN0
- Content-Type: application/json
{
  "statements" : [ {
    "statement" : "CREATE (n:MyLabel) RETURN n"
  } ]
}
Example response
- 401: Unauthorized
- Content-Type: application/json;charset=utf-8
- WWW-Authenticate: Basic realm="Neo4j"
{
  "errors" : [ {
    "code" : "Neo.ClientError.Security.Unauthorized",
    "message" : "Invalid username or password."
  } ]
}
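The following Python sketch is an added example, not part of the Neo4j documentation. It builds the Basic Authorization header used in the request above, shows that the header value decodes straight back to the credentials (base64 is an encoding, not encryption, so the header needs TLS on the wire), and tells the two 401 responses on this page apart. The function names and the returned labels are assumptions made for illustration.

```python
import base64
import json

def basic_auth_header(username, password):
    """Build the Authorization header value for HTTP Basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_basic_auth(header_value):
    """Recover (username, password) from a Basic header value.

    Anyone who can read the header can do this, which is why the request
    should only travel over an encrypted connection.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    # Split on the first colon only: a password may itself contain ':'.
    username, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return username, password

def classify_response(status, body):
    """Map an HTTP API response to a label the caller can act on."""
    if status != 401:
        return "ok" if status < 400 else "other-error"
    errors = json.loads(body).get("errors", [])
    codes = {e.get("code") for e in errors}
    if "Neo.ClientError.Security.Unauthorized" not in codes:
        return "other-error"
    messages = " ".join(e.get("message", "") for e in errors)
    if "No authentication header supplied" in messages:
        return "missing-header"   # client never attached the header
    return "bad-credentials"      # wrong username or password: do not retry blindly

# Response bodies copied from the two example responses on this page.
MISSING = ('{"errors":[{"code":"Neo.ClientError.Security.Unauthorized",'
           '"message":"No authentication header supplied."}]}')
INVALID = ('{"errors":[{"code":"Neo.ClientError.Security.Unauthorized",'
           '"message":"Invalid username or password."}]}')

if __name__ == "__main__":
    header = basic_auth_header("neo4j", "incorrect")
    print(header)
    print(decode_basic_auth(header))
    print(classify_response(401, MISSING))
    print(classify_response(401, INVALID))
```

Both failures share the same status and error code, so only the message text separates them. A client that retries on "bad-credentials" will generate repeated failed logins, so treat it as a configuration error.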