Authentication Types

Basic Authentication

HTTP Authorization header
Base64-encoded credentials

API Keys

Typically, within HTTP header
Kind of username and password at once

GET / HTTP/1.1
Host: example.com
X-API-KEY:  abcdef12345

API Keys: API Authentication Methods & ExamplesStoplight

TLS Authentication

HTTPS requires only the server/API to present a certificate
mutual TLS (mTLS) request both parties to present a certificate

Token Based Authentication

A trusted 3rd party issues tokens
They expire
Can convey more information than just called ID, which can used for authorization
OAuth use scopes, OpenID Connect adds claims

OAuth is a delegation protocol and its main goal is API access. OpenID Connect is an Identity layer atop of OAuth which define user authentication metadata, can control authentication and federation. OAuth 2.0 is the standard today and require HTTPS.

PreviousAPI Authentication NextOAuth Actors

Last updated 1 year ago