Digest, NTLM & other
Beyond the common token-based methods, Vegha supports four additional auth schemes for older or enterprise APIs. Each is configured from the Authorization tab.
Digest
Section titled “Digest”HTTP Digest authentication responds to a server challenge with a hashed credential, so the password is never sent in clear text.
| Field | Description |
|---|---|
| Username | The account username |
| Password | The account password |
Vegha performs the challenge/response handshake automatically — it issues the initial request, reads the WWW-Authenticate challenge, and resends with the computed Authorization header.
NTLM is a Windows-integrated authentication protocol used by many intranet and on-premises services.
| Field | Description |
|---|---|
| Username | The account username |
| Password | The account password |
| Domain | The Windows domain, if required |
OAuth1
Section titled “OAuth1”OAuth 1.0a signs each request with a consumer key/secret and a token key/secret.
| Field | Description |
|---|---|
| Consumer Key | The application’s consumer key |
| Consumer Secret | The application’s consumer secret |
| Token | The access token |
| Token Secret | The access token secret |
| Signature Method | The signing algorithm (for example HMAC-SHA1) |
If your API uses OAuth 2.0 rather than 1.0a, use OAuth2 instead.
WSSE UsernameToken
Section titled “WSSE UsernameToken”WSSE UsernameToken adds a WS-Security UsernameToken header, used by some SOAP and legacy web services.
| Field | Description |
|---|---|
| Username | The account username |
| Password | The account password |
Vegha generates the nonce, timestamp, and password digest required by the WSSE specification.
Variables and secrets
Section titled “Variables and secrets”Every field above supports {{variable}} interpolation and secret:// references. Keep passwords and secrets in an environment or a secret manager rather than typing them inline.