📖 Terminology

Authentication and authorisation overview

Before users can make requests with your API, they will usually need to register for some kind of application key or learn another way to authenticate their requests. APIs vary in how they authenticate users. Some APIs only require an API key in a request header, while others require more elaborate schemes because they need to protect sensitive data, prove identity and ensure that requests have not been tampered with.

Authentication

Proving correct identity.

Authorisation

Allowing a certain action.

Tokens

The access token is a credential that a client can use to access an API. The access token can be any type of token, such as an opaque string or a JWT, and is meant for the API. Its purpose is to inform the API that the bearer of this token has been authorised to access the API and perform specific actions (as specified in the scope that has been granted). The access token should be used as a bearer credential and transmitted to the API in the HTTP `Authorization` header.
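The following is an added example, not code from the original page: it shows, on the API side, how the two terms above separate in practice when an opaque bearer token arrives in the `Authorization` header. Authentication is the token lookup (is this a credential we issued and is it still valid, answered with 401 when not); authorisation is the scope check (may this bearer perform this action, answered with 403 when not). The token store, the subjects, the scope names and the expiry times are constructed for the example; a real API would consult its authorisation server or validate a JWT signature instead of a dictionary.

```python
import hmac
import time
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the authorisation server's state:
# opaque token string -> subject, granted scopes, expiry (unix time).
# All values are made up for this example.
TOKEN_STORE = {
    "opaque-abc123":  {"sub": "alice", "scope": {"read:items", "write:items"}, "exp": 4102444800},
    "opaque-def456":  {"sub": "bob",   "scope": {"read:items"},                "exp": 4102444800},
    "opaque-expired": {"sub": "carol", "scope": {"read:items"},                "exp": 946684800},
}


@dataclass
class Decision:
    status: int             # HTTP status the API would answer with
    subject: Optional[str]  # authenticated principal, if any
    reason: str


def parse_bearer(headers):
    """Extract the token from an `Authorization: Bearer <token>` header.

    Header names are case-insensitive; the scheme must be Bearer. Returns
    None for a missing, non-Bearer or empty credential.
    """
    value = None
    for name, v in headers.items():
        if name.lower() == "authorization":
            value = v
            break
    if value is None:
        return None
    parts = value.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer" or not parts[1].strip():
        return None
    return parts[1].strip()


def lookup_token(token, store=TOKEN_STORE, now=None):
    """Authentication step: is this a token we issued, and is it still valid?

    Tokens are compared with hmac.compare_digest so that the time taken to
    reject a guess does not depend on how many leading bytes matched.
    """
    now = time.time() if now is None else now
    for candidate, record in store.items():
        if hmac.compare_digest(candidate.encode(), token.encode()):
            if record["exp"] <= now:
                return None  # known token, but expired: treat as unauthenticated
            return record
    return None


def authorize_request(headers, required_scope, store=TOKEN_STORE, now=None):
    """Full decision for one request: 401 = who are you?, 403 = not allowed."""
    token = parse_bearer(headers)
    if token is None:
        return Decision(401, None, "missing or malformed bearer credential")
    record = lookup_token(token, store, now)
    if record is None:
        return Decision(401, None, "unknown or expired token")
    if required_scope not in record["scope"]:
        # Authenticated, but the granted scope does not cover this action.
        return Decision(403, record["sub"], f"token lacks scope {required_scope}")
    return Decision(200, record["sub"], "ok")


if __name__ == "__main__":
    fixed_now = 1700000000  # constructed clock so the example is deterministic
    for hdrs, scope in [
        ({"Authorization": "Bearer opaque-abc123"}, "write:items"),
        ({"authorization": "bearer opaque-def456"}, "write:items"),
        ({"Authorization": "Bearer opaque-expired"}, "read:items"),
        ({"Authorization": "Basic dXNlcjpwYXNz"}, "read:items"),
        ({}, "read:items"),
    ]:
        print(authorize_request(hdrs, scope, now=fixed_now))
```

The distinction the status codes encode is the one the two definitions above draw: an expired or unknown token fails authentication and gets 401 with no subject, while a valid token that lacks the requested scope is an authenticated subject failing authorisation and gets 403.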
