Looking for Cloud Services or Professional Support? Check restheart.com

Edit Page


Authenticators verify credentials passed by the client and build the Account.

An Authentication Mechanism can delegate the verification of credentials to an Authenticator. For example, the default configuration enables the basicAuthMechanism that uses by default the mongoRealmAuthenticator.

RESTHeart provides two implementations of Authenticator:


The Authenticator class must implement the org.restheart.plugins.security.Authenticator interface.

public interface Authenticator extends IdentityManager {
  public Account verify(Account account);

  public Account verify(String id, Credential credential);

  public Account verify(Credential credential);


The Authenticator class must be annotated with @RegisterPlugin:

        description = "my custom authenticator")
public class MyAuthenticator implements Authenticator {



The Authenticator can receive parameters from the configuration file using the @Inject("config") annotation:

private Map<String, Object> config;

public void init() throws ConfigurationException {
    // get configuration arguments
    int number  = argValue(this.config, "number");
    String string = argValue(this.config, "string");

The parameters are defined in the configuration using the name of the authenticator as defined by the @RegisterPlugins annotation:

    number: 10
    string: a string