Authentication methods for REST API and WebDAV

Top / Developers / Authentication methods for REST API and WebDAV

About authentication

In general, credentials are secured via single sign-on with OAUTH2. For compatibility or ease of application support, some APIs may use BASIC authentication.

The relationship between certification required areas and resources

In addition to the credentials issued by OAUTH2, a different API-KEY is required for each application(see below) of /ba/user/In addition to BASIC authentication (*), API-KEY is required.
WebDAV AccessAuthorization for /dav/ and /backup/BASIC authentication (*)
Users who have registered by 16:25 on June 2, 2021 can access /dav/ using BASIC authentication unless they disable it in MyPage.
Newly registered users after 16:25 on June 2, 2021 will not be able to access /dav/ using BASIC authentication unless they activate it in MyPage.
WebDAV AccessAuthorization for /v2/dav/Credentials issued by OAUTH2

About the URL of the authentication required areas

In the WebDAV area, the following paths of each node server are subject to BASIC authentication.

Authentication is mandatory for REST APIs, with some exceptions.

Authentication Method

Certification with OAUTH2

Scheduled to be published separately.

BASIC authentication (*)


All access requires SSL (TLS v1.2 or later) and therefore does not support Digest-type BASIC authentication.

BASIC authentication

Method using HTTP Request Header, Authorization: Both preemptive and non-preemptive modes are supported.


The ID is the same as the one you use to log into InfiniCLOUD.


Users can utilize MyPage to renew or deactivate the external application connection, which will be used when logging in, if they registered by 16:25 on June 2, 2021.After 16:25 on June 2, 2021, newly registered users will have BASIC authentication turned OFF by default; they must allow external application connections on MyPage.The password is then generated at random by the system.

Credentials required for REST API access

To access the REST API you will need two credentials. The API will be recognized when the two credentials are both compatible and correct.

User ID, password


Acquisition of API KEY

Developers can apply for an API Key from the corresponding application registration request form.

Any developer, corporation, individual, or open source, is welcome to apply. InfiniCloud may ask to confirm the individuals or entities credentials upon the submission.

The API Key cannot be secured because it must be entered on the application side. This API Key can be viewed as a means for designating the program as a gentleman's agreement if it is open source, in which case it may be committed to GitHub, etc.

In the future, based on requests from application developers, we plan to implement a function to invalidate API Keys and invalidate unique API Keys for individual users.

How to give the API Key

The API Key needs to be sent in one of the following ways listed below.

Method to send with HTTP Request Header
 A method of sending by HTTP Request Header.
 Send the Request Header with X - InfiniCLOUD - API - KEY:. It can be used with all REST APIs.

Method to send with MatrixParam
 Send by Matrix Parameter on URL.
 Send api_key = to the necessary part of the URL. It can be used with all REST APIs.

Since InfiniCLOUD's REST Interface solely uses HTTPS for communication, it does not require a specific REST Client stack. It is currently feasible to pick access by either of the aforementioned two techniques, despite the fact that the simple access method is thought to differ depending on the language to be used, the library stack, and the application programmer's development methodology.

Other information

Format of API KEY
Send 128 bits in hexadecimal, uppercase BINHEX.
Validity period
That request only.
Create My Account (20GB Free)

Easy one-minute registration! Start backing up today!
Works online, Windows, Mac, iOS and Android