Terminology
Authentication and authorisation overview | Before users can make requests to your API, they'll usually need to register for an application key or learn another way to authenticate their requests. APIs vary in how they authenticate users. Some APIs only require an API key in the request header, while others require more elaborate security to protect sensitive data, prove identity and ensure that requests aren't tampered with. |
Authentication | Proving correct identity. |
Authorisation | Allowing a certain action. |
Tokens | An access token is a credential that a client can use to access an API. It can be any type of token, such as an opaque string or a JWT, and is meant for the API. Its purpose is to inform the API that the bearer of the token has been authorised to access the API and perform specific actions (as specified by the scope that has been granted). The access token should be used as a bearer credential and transmitted to the API in the HTTP Authorization header. |
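
The terms above, seen from the API side, as an added example that is not code from this page: the API reads the bearer token from the Authorization header, authenticates it, then authorises the action against the granted scope. The token values, scope names, in-memory store and the helper names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample store: SHA-256 of each issued opaque token -> granted scopes.
# The token strings and scope names are made up for this example.
TOKEN_STORE = {
    hashlib.sha256(b"tok_read_only_example").hexdigest(): {"orders:read"},
    hashlib.sha256(b"tok_read_write_example").hexdigest(): {"orders:read", "orders:write"},
}


def extract_bearer_token(headers):
    """Return the token from an 'Authorization: Bearer <token>' header, or None."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return None
    parts = value.split()
    # Exactly two parts are expected; the scheme name is case-insensitive.
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def lookup_scopes(token):
    """Authentication step: map a presented token to its granted scopes, or None."""
    digest = hashlib.sha256(token.encode("utf-8")).hexdigest()
    for stored, scopes in TOKEN_STORE.items():
        # Constant-time comparison of the stored and presented digests.
        if hmac.compare_digest(stored, digest):
            return scopes
    return None


def check_request(headers, required_scope):
    """Return the HTTP status the API should answer with for this request."""
    token = extract_bearer_token(headers)
    if token is None:
        return 401  # no usable bearer credential presented
    scopes = lookup_scopes(token)
    if scopes is None:
        return 401  # authentication failed: token not recognised
    if required_scope not in scopes:
        return 403  # authenticated, but not authorised for this action
    return 200
```

Storing only a hash of each token means a leaked copy of the store does not hand out usable bearer credentials.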