API authentication refers to the process of verifying the identity and permissions of a client or user accessing an API (Application Programming Interface). It ensures that only authorized users or applications can access and interact with the API's resources.

There are several commonly used authentication methods for APIs:
API Keys:
Explanation: API keys are unique tokens issued to clients for authentication.
Example: An API key is included in the request header or query parameter:
GET /api/resource HTTP/1.1
Host: example.com
X-API-Key: your-api-key
OAuth (Open Authorization):
Explanation: OAuth enables users to grant limited access to their resources.
Example: The client obtains an access token from the authorization server and includes it in the Authorization header:
GET /api/resource HTTP/1.1
Host: example.com
Authorization: Bearer your-access-token
JWT (JSON Web Tokens):
Explanation: JWT is a compact and self-contained token format.
Example: A JWT is included in the Authorization header as a Bearer token:
GET /api/resource HTTP/1.1
Host: example.com
Authorization: Bearer your-jwt-token
My JWT Notion Notes : https://aacle.notion.site/JWT-Token-4b40497b5441467aa1fda976d8c00ba3
Basic Authentication:
Explanation: Basic authentication involves sending credentials in the request header.
Example: The client sends a Base64-encoded username and password in the Authorization header:
Note: this is Base64 encoding, not encryption, so it is not recommended; anyone can easily decode it.
GET /api/resource HTTP/1.1
Host: example.com
Authorization: Basic base64-encoded-credentials
Token-based Authentication:
Explanation: The client exchanges credentials for a temporary access token.
Example: The client includes the access token in the Authorization header:
GET /api/resource HTTP/1.1
Host: example.com
Authorization: Bearer your-access-token
Certificate-based Authentication:
Explanation: The client presents a digital certificate for authentication.
Example: The client includes the certificate in the request:
GET /api/resource HTTP/1.1
Host: example.com
X-SSL-Certificate: your-certificate
HMAC (Hash-based Message Authentication Code):
Explanation: HMAC involves using a shared secret key for message integrity.
Example: The client calculates an HMAC and includes it in the request header:
GET /api/resource HTTP/1.1
Host: example.com
X-HMAC-Signature: calculated-hmac
More on HMAC : https://docs.oracle.com/en/cloud/saas/marketing/crowdtwist-develop/Developers/HMACAuthentication.html
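
The HMAC scheme described above, as an added Python example that is not part of the original page or of the linked documentation: the client signs the request with the shared secret and the server recomputes and checks the X-HMAC-Signature header. The X-Timestamp header, the canonical message layout, the 300-second window and the secret value are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample secret (assumption); a real one is provisioned out of band.
SHARED_SECRET = b"constructed-demo-secret"
MAX_SKEW_SECONDS = 300  # assumed freshness window for the X-Timestamp header


def canonical_message(method, path, timestamp, body):
    """Assumed canonical form: method, path, timestamp, body hash, newline-joined."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign_request(secret, method, path, timestamp, body=b""):
    """Client side: compute the value sent in X-HMAC-Signature."""
    msg = canonical_message(method, path, timestamp, body)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_request(secret, method, path, headers, body=b"", now=None):
    """Server side: recompute the HMAC and compare it in constant time."""
    now = int(time.time()) if now is None else now
    try:
        timestamp = int(headers["X-Timestamp"])
        received = headers["X-HMAC-Signature"]
    except (KeyError, ValueError):
        return False  # missing or malformed headers
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False  # stale request: a captured signature cannot be reused later
    expected = sign_request(secret, method, path, timestamp, body)
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(expected.encode(), received.encode())


def demo():
    ts = 1700000000  # constructed timestamp
    sig = sign_request(SHARED_SECRET, "GET", "/api/resource", ts)
    headers = {"X-Timestamp": str(ts), "X-HMAC-Signature": sig}
    check = lambda secret, path, now: verify_request(secret, "GET", path, headers, now=now)
    return {
        "valid": check(SHARED_SECRET, "/api/resource", ts + 10),
        "tampered_path": check(SHARED_SECRET, "/api/admin", ts + 10),
        "stale": check(SHARED_SECRET, "/api/resource", ts + 3600),
        "wrong_secret": check(b"other-secret", "/api/resource", ts + 10),
    }


if __name__ == "__main__":
    print(demo())
```

The secret itself never travels with the request; only the signature does, so the server must hold the same key to verify it.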