Protected resources may be accessed by sending an HTTP Basic Auth header if desired. Airlock IAM does not provide an explicit end-point for HTTP Basic Auth but it provides an authentication flow step that is capable of checking a username and password given an HTTP Basic Auth header.
If no "Authorization" header with username and password is present in a request to the URI, an HTTP status code 401 with the corresponding WWW-Authenticate header is returned. It uses the page access-unauthorized.jsp
as body.