internal static HttpServer Create(Func<HttpResponseMessage, string> normalizationCallback = null,
                                            Func<HttpRequestMessage, string, bool> verificationCallback = null)
        {
            var configuration = new HttpConfiguration();

            configuration.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );

            Func<string, Credential> callback = (id) => Credentials.FirstOrDefault(c => c.Id == id);

            var authConfig = new AuthenticationConfiguration() { RequireSsl = false };
            authConfig.AddHawkAuthentication(callback, allowBewit: true,
                                                        normalizationCallback: normalizationCallback,
                                                            verificationCallback: verificationCallback);

            configuration.MessageHandlers.Add(new AuthenticationHandler(authConfig));

            return new HttpServer(configuration);
        }