As soon as you started BOA, it will present the login screen. Once you entered the username, password and configured your URL, it will send a request to your login endpoint.
Request: yoururl:yourport/login
In a request there are some sections:
Parameters added to the URL: in this case there aren't any.
Headers added to the request: the authorization header.
Body with data to process: no data for the login. Username and password are included in the authorization.
Authorization: BOA uses the Basic authorization at login. This means that there will be an authorization header send. In this header the login and password are available in a 64bit encoded string.
Authorization: Basic <credentials>
Where credentials is the base64 encoding of username and password joined by a colon.
Example: base64encode(username:password)
Base64encode function not available?
What to do if you don't have a base64 encode and decode function available in the language you are using?
You can create the string you will receive with an online Basic authorization header generator. The string is always the same. Suppose you have a user with the name 'abc' and the password 'abc001'. With an online basic encoder, you will get this as a string:
So when this user wants to login with BOA, the authorazation header as below will be send. Once you have this key in your system, you can check on the complete string. If you find the string, you know that it is your user abc who wants to login. This way you don't need to decode the received string.
Authorization: Basic YWJjOmFiYzAwMQ==
When you want to start, you need to respond to the login. See the following topic in the documentation: Login Response.