authN APIs

Wed Feb 22 2023 01:31:55 GMT+0000 (Coordinated Universal Time)

Saved by @chienbui #java

Step 3: Authentication
Next, we will move on to API authentication methods. API authentication checks and verifies that the user making the request is who they claim to be. The process first validates the identity of the client attempting to connect by using an authentication protocol. The credentials from the client requesting the connection are sent to the server in either plain text or encrypted form. The server checks that the credentials are correct before granting the request. The system needs to ensure that each end user is properly validated, so that the right user is accessing the service and not someone without the right access, who might be an attacker trying to hack into the system.

HTTP Basic Authentication
Different API systems use different methods of authentication. First, we have HTTP basic authentication. This method uses a username and password that are placed in the Authorization header of an API request. It is recommended to use this method over Hypertext Transfer Protocol Secure (HTTPS) so that the connection between the client and server is encrypted.

Bearer Authentication
Another method of authentication is Bearer Authentication. A token is used to authenticate and authorize a user request. The token is usually given to the user by the server after the user has authenticated through a login or verification method. The token is then put into the Authorization header of an API request. The issued tokens are short-lived and expire at some point. 
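
The following added example (not from the original page) shows how a server might read the Authorization header for the Basic and Bearer schemes described above. It makes visible that the Basic value is only base64-encoded and trivially reversible, which is why HTTPS is recommended. The function names and sample values are assumptions made for illustration.

```python
import base64
import binascii
import hmac

# Constructed sample credentials, for illustration only.
SAMPLE_USER, SAMPLE_PASSWORD = "alice", "s3cret:with:colons"
SAMPLE_TOKEN = "constructed-sample-token"


def basic_header(username: str, password: str) -> str:
    """Client side: build the Authorization value for HTTP Basic."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_authorization(value):
    """Server side: return (scheme, credentials), or None if unusable.

    Basic   -> ("basic", (username, password))
    Bearer  -> ("bearer", token)
    """
    if not value:
        return None  # no header at all: treat as unauthenticated
    scheme, _, rest = value.strip().partition(" ")
    rest = rest.strip()
    if not rest:
        return None
    if scheme.lower() == "basic":
        try:
            # base64 is an encoding, not encryption: anyone can reverse it.
            decoded = base64.b64decode(rest, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None
        # Only the first colon separates the fields; passwords may contain ':'.
        username, sep, password = decoded.partition(":")
        return ("basic", (username, password)) if sep else None
    if scheme.lower() == "bearer":
        return ("bearer", rest)
    return None  # unknown scheme


def token_matches(presented: str, expected: str) -> bool:
    """Compare secrets in constant time to avoid timing side channels."""
    return hmac.compare_digest(presented.encode(), expected.encode())
```

A request whose header parses to None should be rejected before any credential check runs.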

API Keys
Authentication with API keys is similar to Bearer Authentication. However, an API key is obtained by the user, whereas in Bearer Authentication the token is issued by the server. API keys do not have an expiry date and are usually provided by API vendors or through creating an account. Most APIs accept API keys via HTTP request headers. However, as there is no common header field for sending the API key, it is easier to consult the API vendor or refer to the appropriate documentation for the correct use of the API key when sending an API request. For this campaign, Circle uses the API key authentication method.

No Authentication
There are also some API systems where you can submit an API request without any authentication. Anyone can simply make a request to the specific URL and get a response without a token or API key. This approach is not recommended and is usually used either for testing or on in-house premises.