# 🔐 Authentication

## Summary

BeMap API requires authentication for all service calls.

You can authenticate in two ways:

- Using **HTTP Basic Authorization** via the `Authorization` header.
- Using **URL parameters** (`appid` and `appcode`).


After successful authentication, the server sets a session cookie (`SESSION` or `JSESSIONID`) that can be reused for subsequent requests.

## Available Environments

Choose the appropriate environment based on your usage context:

- 🧪 **Beta**: `https://bemap-beta.benomad.com/bgis`
- 📦 **Preproduction**: `https://bemap-preprod.benomad.com/bgis`
- 🚀 **Production**: `https://bemap-prod.benomad.com/bgis`


## Endpoint

**BND Authentication endpoint**:
`https://[environment]/bgis/bnd`

## 🔑 Authentication Methods

### 1. Using HTTP Header

Send a request with the following header:


```
Authorization: Basic base64(appid:appcode)
```

> Example:
`Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l`


### 2. Using URL Parameters

Send a `POST` request to:


```
https://[environment]/bgis/bnd?appid=your_appid&appcode=your_appcode
```

With the header:


```
Content-Type: application/x-www-form-urlencoded
```

## 🍪 Reuse Session Cookie

After the first successful authentication:

- Retrieve the `SESSION` or `JSESSIONID` value from the response headers.
- Include it in the `Cookie` header for all subsequent requests.


Example:


```
Cookie: JSESSIONID=123456789
```