Category Archives: Tutorials


GET and POST HTTP Requests with Basic and Digest Authentication in Actionscript

While working on the recent Odeon X Men First Class project I implemented a PHP REST API by written by Neil Young. During this project I experimented with HTTP authentication within Flash so we could make the API more secure.

Odeon XMen: First Class Screenshot

Odeon XMen: First Class Screenshot

After reading around on various blogs, I realised that Flash does not support HTTP requests that well, and there are a few tricks you need to keep in mind when making requests. Firstly all POST requests will be sent as GET unless they hold variable data so sometimes you may need to set dummy variables just to make the requests the correct type like in this example:

var req:URLRequest = new URLRequest(“”);
req.method = URLRequestMethod.POST; = new URLVariables(“dummyvariable=grindheadgames”);

This is a horrible hack and something that may cause you problems. Another problem I encountered was that Flash does not support Digest Authentication. Initially we configured the project to use Digest and it worked locally, but once deployed on servers the authentication failed. This is a limitation within Flash player on the web, however if you really need it AIR does support Digest.

The final issue encountered was that Flash also does not support authentication of any kind with GET requests, which can be an issue with some API’s.

Using authentication within projects can be done, once you can navigate Adobes minefield of issues.

var request:URLRequest = new URLRequest(“”);
request.method = URLRequestMethod.POST; = new URLVariables(“username=user+

First build the URLRequest, and select which service you which to use. Set the request method to POST, as we are sending data.
Then create some new URLVariables to hold the username and password in and allow us to access to the secure API.

var encoder:Base64Encoder = new Base64Encoder();

var requestHeader:URLRequestHeader = new URLRequestHeader(“Authorization”, “Basic ” + encoder.toString());

Next we need to encode the credentials and then set the authentication header to Basic.

var loader:URLLoader = new URLLoader();

Finally we load the request, like any other. Not to hard to implement, if you can deal with the limitations imposed on you.

** UPDATE ** 21-July-2011

Neil Young has also written some tutorials on Extending Ian Shelby’s RESTful API, a great resource for anyone looking to implement Basic HTTP header authentication in Actionscript 3.0.