Message sequence for Zuora callout basic authentication
The basic authentication for Zuora callouts is compliant with RFC 7235 and RFC 7617.
See the following message sequence for the default flow of Zuora callout basic authentication.
- Zuora sends an HTTP request to the callout receiver with no credentials.
- The callout receiver responds to Zuora with a 401(Unauthorized) response that has a
WWW-Authenticateheader field containing at least one challenge.
- Zuora sends to the callout receiver a second request that has an
Authorizationheader field containing valid credentials.
- The callout receiver responds to Zuora with a 200 response upon validation of credentials.