Does opennms:import-requisition already allows basic auth fields in the url ?

Yes:

Yeah, just giving some heads-up on the task involved. Ideally instead of embedding the auth in the url, UI should allow it to enter credentials separately ( may also be specified as metadata fields). For now, we can support them with basic auth.

Does opennms:import-requisition already allows basic auth fields in the url ?

Thank you . I wasn’t thinking in terms of just updating the front end.

I believe Dino is asking to support hostnames with auth/metadata in the External requisition Editor. ( See pics attached)

This involves UI changes to allow such fields and then update Rest API to allow username/password ( directly or retrieve through metadata).

Following docs will give you more info.

need clarification on how the External Requisition Editor fetches requisitions

For an http type external requisition, as far as I know, it is an http GET request using the url parameter.

should they be entered manually or retrieved from SCV metadata?

Ideally, both should be possible.

Does the current implementation support Authorization headers, or do we need to extract credentials from the URL?

As far as I am aware they would have to be extracted from the URL, as demonstrated in the above show-import example.

Since show-import supports Basic Auth, should we follow the same approach?

Sure.

Are there any security concerns regarding credential storage/logging?

Credentials shouldn’t be logged. If they are entered as plaintext in the URL (as demonstrated above), I don’t care, as long as SCV metadata interpolation is available for the customers that require or prefer greater security.

Lastly, is there any documentation or code references I can follow to understand the workflow in detail?

I wouldn’t know, I am not a Java developer. I’d ask around in Engineering for suggestions.