Skip to main content
Announcements
See why Qlik was named a Leader in the 2024 Gartner® Magic Quadrant™ for Data Integration Tools for the ninth year in a row: Get the report
cancel
Showing results for 
Search instead for 
Did you mean: 
TKendrick20
Partner - Specialist
Partner - Specialist

When to Use Header Authentication for Qlik Sense

Just wanted to share a couple thoughts on a topic I have Googled many, many times.

Header authentication into a Qlik Sense environment bypasses Qlik Sense's traditional authentication measures. Therefore, it can be used to easily test calls to the Qlik Repository Service (QRS) API, but can also be used as a backdoor into your system and should be guarded very carefully.

  • In conjunction with another authentication method such as certificate authentication or an external authentication portal
  • A carefully configured system of firewalls / proxies
  • In a development environment

The QRS contains information about the configuration of your Qlik Sense environment. Access to the QRS comes with immense power. You'll have the ability to view license information. create and drop users. adjust security rules, export apps, etc. So be careful when building header authentication into external applications to protect yourself from malicious interactions. If your intent is to simply have users interact with your apps and data, then ticket and session authentication are other, more secure options to pursue.

0 Replies