search

Authentication Types

hashtag
Basic Authentication

  • HTTP Authorization header

  • Base64-encoded credentials

hashtag
API Keys

  • Typically, within HTTP header

  • Kind of username and password at once

LogoAPI Keys: API Authentication Methods & ExamplesStoplightchevron-right

hashtag
TLS Authentication

  • HTTPS requires only the server/API to present a certificate

  • mutual TLS (mTLS) request both parties to present a certificate

hashtag
Token Based Authentication

  • A trusted 3rd party issues tokens

  • They expire

  • Can convey more information than just called ID, which can used for authorization

  • OAuth use scopes, OpenID Connect adds claims

OAuth is a delegation protocol and its main goal is API access. OpenID Connect is an Identity layer atop of OAuth which define user authentication metadata, can control authentication and federation. OAuth 2.0 is the standard today and require HTTPS.

PreviousAPI AuthenticationNextOAuth Actors

Last updated