The Twitter API requires sending an authorization header, which is the base64 encoded API key, combined with the API secret key. In Node, I use:
var base64 = new Buffer(apiKey + ':' + apiSecret).toString('base64');
The sent header becomes:
Authorization: 'Basic ' + base64
What is the base64 dot encoding the string "apiKeyHere: apiSecretHere"? Why not just accept the authorization header containing the raw api attributes?
This question is similar to What is the purpose of encoding base 64 and why is it used in HTTP Basic Authentication? but the voted answer does not fully answer my question, Twitter api key and api secret key are already compatible with HTTP characters. They look something like this (this is not real):
Consumer Key (API Key) 8dme3utVQfOhlPk5BUG9XbFxR
Consumer Secret (API Secret) QFZXoC7MP72JZtGMBNpjLGI4Vl1xr1q9dyPLp3u7jGtkESpbLm
So why does base64 encode it? In addition, this post indicates that "the purpose of encoding is to encode non-HTTP compatible characters, which may be in the username or password in those that are HTTP compatible." Wouldn't a username and password be compatible with HTTP characters?
source
share