The Transformation Services and Data Upload Service support authentication through HTTP basic authentication, or in conjunction with the Token Service. The user account that runs a workspace and requests a service must have Run permission on the repository in which the workspace resides, and Access permission to the service.
HTTP Basic Authentication
To authorize access, the web services first attempt the credentials (user name and password) of the user account associated with the request. If this attempt fails, access is attempted through the credentials of the guest user account. If this attempt fails, the web services return a Basic HTTP authentication challenge to the requesting client, such as a web browser.
Note: For more information about the guest user account, see About the Trusted User Account.
A token can be specified in a header or query string parameter. For security reasons, providing the token in a header is the preferred method, because a request URL may be logged by proxies or web servers.
Specify the following to supply the Authorization header:
Query String Authorization
The query string parameter is token. For example, to run the Data Download Service: