You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > DW Product Help > Software Applications > DW Spectrum > DW Spectrum - Phasing Out Digest Authentication
DW Spectrum - Phasing Out Digest Authentication
print icon

Phasing Out Digest Authentication

-----------------------------------

Affected Roles: Administrators

Related Digital Watchdog VMS Apps: DW Spectrum Pro

Software Version: DW Spectrum 6.0

Last Edit: October 30, 2025

-----------------------------------

Phasing Out Digest Authentication

With the introduction of Bearer Authentication tokens in DW Spectrum version 5.0 (June 2022), the older Digest Authentication method has been deemed officially deprecated. As a result, the Digest Authentication feature is marked for removal.

While Digest Authentication may still work with the version of DW Spectrum Professional at the time of this writing, it is no longer a recommended form of cybersecurity and is no longer guaranteed to function in future versions.

For Digest Authentication, this means:

  • The feature is outdated and will no longer receive active development.
  • The feature will be disabled in incoming releases.
  • Users should transition to newer, more secure alternatives (e.g., Bearer Authentication).

We understand this update may raise some concerns, but the actual impact is smaller than it may seem at this time.

This article will walk you through what is being changed and the recommended steps to support you in your preparation for the release of version 6.1.

 

Changes with Version 6.1

Standard Security Level

  • In version 6.1, Digest Authentication is still available if your system is set to the Standard security level for local user accounts.
    • Security configuration is performed during the initial system configuration process, when the DW Spectrum System is initially created, in Advanced System Settings > Security Level.
  • In version 6.1, Digest Authentication is removed if your system is set to the Standard security level for Cloud User accounts.
  • Local User accounts can still be created with Digest Authentication, both in upgraded systems and in new installations.
  • If you create a user profile with Digest Authentication in version 6.1, you will see a warning (like version 6.0) stating that Digest Authentication will be disabled in the next major version.

 

High Security Level

  • In version 6.1, Digest Authentication is disabled if your system is set to the Standard security level for local user accounts.
  • In version 6.1, Digest Authentication is removed if your system is set to the Standard security level for cloud user accounts.
  • Exiting users configured with Digest Authentication will no longer be able to log in or authenticate API requests.

 

Recommended Actions

While most users use Bearer Authentication by default since its introduction in version 5.0, Administrators should take the following steps.

 

  1. Review User Accounts
  • Confirm if any user profiles are configured to use Digest Authentication. If so, transition them to use Bearer Authentication as soon as possible.
  1. Review Rules and Events
  • Generic Events: Some Generic Event rules may use a user profile that relies upon Digest Authentication. Update these profiles to use Bearer Authentication or one-time ticket tokens.
  1. Update Actions
    • Older event rules that have “Do HTTP(S) request” as a resulting action may require Digest Authentication, even when Bearer Authentication may have been added for third-party integrations. This cannot be used with the VMS as the tokens need to be refreshed before they become void.
    • Switch to the new “Site HTTPS request” action, that will be introduced in version 6.1.
        • This action type is designed for API requests within the same site and uses Token-based Authentication instead of Digest Authentication.

 

Bearer Authentication and One-Time Ticket Tokens

Token-based Authentication provides stronger security and greater flexibility:

  • Bearer Tokens (login session) – used for ongoing authentication.
  • Basic Authorization header – used for integrations that are unable to use a bearer token.
  • One-time Ticket Tokens (Authorization ticket) – used for temporary or single-use authentication.

For more details, you can refer to the article: DW Spectrum - SDK/API Tools.

 

Custom Integrations

Digest Authentication depreciation was announced in the 5.0 changelog (June 2022) to give integrators time to update.

If you rely on custom integrations, plugins, or third-party tools:

  • Contact the integration developer to confirm that they have migrated to a compatible REST API version.
  • Ensure that Token Authentication (Bearer or Basic Authorization headers) or ticket-based authentication is implemented.
  • Verify compatibility with the VMS version that you are running.

 

 

______________________________________________________________________________

For More Information or Technical Support

DW Technical Support: https://www.digital-watchdog.com/contact-tech-support/

DW Sales: [email protected] | www.digital-watchdog.com

Rev: 06/25                              Copyright © DW. All rights reserved. Specifications and pricing subject to change without notice.                            

Tags

close button
scroll to top icon