Authentication Types
Basic Authentication
HTTP Authorization header
Base64-encoded credentials

API Keys
Typically sent within an HTTP header
Acts as a kind of username and password at once
GET / HTTP/1.1
Host: example.com
X-API-KEY: abcdef12345
TLS Authentication
HTTPS requires only the server/API to present a certificate
Mutual TLS (mTLS) requires both parties to present a certificate

Token Based Authentication
A trusted 3rd party issues tokens
They expire
Can convey more information than just the caller ID, which can be used for authorization
OAuth uses scopes, OpenID Connect adds claims
OAuth is a delegation protocol and its main goal is API access. OpenID Connect is an identity layer on top of OAuth that defines user authentication metadata and can control authentication and federation. OAuth 2.0 is the standard today and requires HTTPS.
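The token properties listed above (issued by a trusted party, expiring, carrying scopes used for authorization), shown as an added example that is not part of the original notes. It assumes a JWT-style HS256 token with sub, scope and exp claims and a constructed shared secret; the notes do not name a token format, and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: shared HS256 key, demo value only

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(subject, scopes, ttl_seconds, now=None):
    """Issuer side: bind caller ID, scopes and expiry under one signature."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": subject, "scope": " ".join(scopes), "exp": now + ttl_seconds}
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(sign(header + '.' + payload))}"

def authorize(token, required_scope, now=None):
    """API side: return (allowed, detail). No claim is trusted before the signature."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        # Pin the algorithm instead of accepting whatever the header asks for.
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return False, "unsupported alg"
        expected = sign(header_b64 + "." + payload_b64)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return False, "bad signature"
        claims = json.loads(b64url_decode(payload_b64))
        sub, scope, exp = claims["sub"], claims["scope"], claims["exp"]
    except (ValueError, TypeError, KeyError, AttributeError):
        return False, "malformed token"
    if not isinstance(exp, int) or now >= exp:
        return False, "expired"                  # tokens expire
    if required_scope not in str(scope).split():
        return False, "insufficient scope"       # scopes drive authorization
    return True, sub

if __name__ == "__main__":
    demo = issue_token("alice", ["orders:read"], ttl_seconds=300)
    print(authorize(demo, "orders:read"))
    print(authorize(demo, "orders:write"))
```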