openHAB 3 API and HTTP binding - authentication

Further to another (solved) discussion https://community.openhab.org/t/reset-an-item-label-in-rule/141091/18 I have taken my first travel down the road of openHAB 3’s API.

I’m trying to use the HTTP binding to read/set some openHAB regional settings, e.g. the language, from within mainUI.

To this end, I have created an Item settingLanguage, which is linked to a channel within a Thing created for the http binding:

UID: http:url:httpThing
label: httpThing
thingTypeUID: http:url
configuration:
  ignoreSSLErrors: true
  headers:
    - Authorization= Bearer
      eyJraWQiOm51bGwsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJvcGVuaGFiIiwiYXVkIjoib3BlbmhhYiIsImV4cCI6MTY2OTIzMDk4MCEio7itKKjCw_5hzPFXKsTKNA
  baseURL: http://openhabian:8080/rest/services/org.openhab.i18n
  delay: 0
  stateMethod: GET
  refresh: 30
  commandMethod: PUT
  contentType: application/json
  timeout: 3000
  bufferSize: 2048
channels:
  - id: language
    channelTypeUID: http:string
    label: Language
    description: ""
    configuration:
      stateExtension: config
      stateTransformation: JSONPATH:$.language

This sort of works (for some time). My problem is I do not know which authorization parameters to set in the Thing configuration in order to access (my own) openHAB server via the API. I fumbled around with the Authentication Mode (Basic, Preemptive Basic and Digest) as well as Username/Password combinations as per suggestions in other topics. However, none of that worked. I have taken the shortcut to put in the Authentication= Bearer header which you can see in the code (disguised) and which is sniffed directly from the network traffic. This works for a while, but then apparently this needs to be changed to another header… so this isn’t a solution.

Can you point me in the direction of how to correctly set authentication and other headers for the HTTP binding in order to access my own openHAB server?

If it is the sniffed one, it may expire, e.g. in case you log out from the session you sniffed it from.
Did you try to set a token in the admin profile area?
Log in as admin. Click on the admin account name to see the profile. There it is possible to create a token.

It says:

API Tokens

Create API tokens to give external tools and services which don’t support the OAuth2 Authorization Framework permanent access on your behalf.

That’s exactly what is happening.

Tried that … for some reason, it doesn’t let me generate the token (“Please try again”) - I’m sure of the user name and password credentials, but not so sure how to name the token and scope.

You can give the token any name. It is just a label.
Scope doesn’t matter. I think that is not implemented yet.
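
Why the sniffed header stops working, as an added example (not code from this thread or from openHAB): the value pasted into the Thing config has the three-part shape of a JWT, and a JWT's payload carries an `exp` claim that can be read without verifying the signature. The tokens below are constructed samples, and the `oh.<name>.<random>` shape used for the API token sample is an assumption.

```python
import base64
import json
import time
from typing import Optional


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_bearer(value: str, now: Optional[float] = None) -> dict:
    """Classify a bearer credential; for a JWT, report its expiry (signature NOT verified)."""
    now = time.time() if now is None else now
    value = value.strip()
    if value.lower().startswith("bearer "):
        value = value[7:].strip()
    parts = value.split(".")
    if len(parts) == 3:
        try:
            header = json.loads(b64url_decode(parts[0]))
            claims = json.loads(b64url_decode(parts[1]))
        except ValueError:  # bad base64, bad UTF-8 or bad JSON: not a JWT
            header = claims = None
        if isinstance(header, dict) and isinstance(claims, dict) and "alg" in header:
            exp = claims.get("exp")
            left = None if exp is None else int(exp - now)
            return {"kind": "jwt", "alg": header["alg"], "iss": claims.get("iss"),
                    "exp": exp, "seconds_left": left}
    # Anything else is treated as an opaque token with no embedded lifetime.
    return {"kind": "opaque", "seconds_left": None}


def make_sample_jwt(exp: int) -> str:
    """Constructed sample: same header/claim names as the token in the post, placeholder signature."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"kid": None, "alg": "RS256"}),
                     enc({"iss": "openhab", "aud": "openhab", "exp": exp}), "c2ln"])


if __name__ == "__main__":
    session_jwt = make_sample_jwt(exp=int(time.time()) + 1800)  # constructed
    api_token = "oh.httpbinding.CONSTRUCTEDplaceholder0000"      # constructed, assumed shape
    for label, cred in (("sniffed session token", session_jwt), ("API token", api_token)):
        print(label, "->", inspect_bearer("Bearer " + cred))
```

A negative `seconds_left` means the pasted value has already expired, which matches the "works for a while" behaviour described in the first post.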