Authentication
To use the HCPmanagement API, you need either a system-level or tenant-level user account that’s defined in HCP. If HCP is configured to support Windows Active Directory® (AD), you can also use an AD user account that HCP recognizes to access HCP through the metadata query API.
HCP also accepts Active Directory authentication provided through the SPNEGO protocol or the AD authentication header. For more information about SPNEGO, see http://tools.ietf.org/html/rfc4559.
You need to provide credentials with every management API request. If you do not provide credentials or provide invalid credentials, HCP responds with a 403 (Forbidden) error message.
To provide credentials in a management API request, you specify an authentication token
in an HTTP Authorization request header.
HCP also accepts credentials provided in an hcp-api-auth
cookie. However, this method of providing credentials has been deprecated and should not be used in new applications.