Authentication

Introduction

  • Today on my web dev journey I learned about the different types of authentication and authorization used by APIs.

  • Ordered roughly from least to most secure, they are:

    • No authentication

    • Basic Authentication

    • API Key

    • API Token

  • Let's talk about each one separately, but first, what's the difference between authentication and authorization?

Authentication VS Authorization

  • Authentication is checking that you are who you claim to be.

  • This is generally done with a username and password, or something equivalent such as a key, a token or a client certificate.

  • Authorization is checking whether an already authenticated identity is allowed to do a particular task, i.e. whether it has the privileges to do something.

  • e.g. only the admin is authorized to delete something from the database, so even if you have authenticated as an employee you cannot perform that task.

  • Authorization decisions are made from the roles, permissions or scopes attached to the identity; these are often carried in, or looked up from, the key or token sent with the request. Authenticating a caller says nothing about what it may do: every endpoint still has to check that.

No Authentication

  • This is pretty self-explanatory: there simply is no authentication required to use the API.

  • Use of the API is generally controlled with a rate limit, which caps the number of requests from one IP address in a given period (e.g. 100 requests per 15 minutes). A rate limit is a throttle, not access control: a client with many addresses can get around it, and the limit must be keyed on the real client address rather than a header the client can set itself.

  • This approach is used for APIs whose data is public, not sensitive and not rapidly changing.
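As an added example (not code from the original post), here is the kind of per-IP limit the bullets above describe, written in JavaScript for Node.js. The fixed-window `RateLimiter`, its 100-requests-per-15-minutes default, the `clientIp` helper and the TEST-NET addresses are my assumptions for illustration; the point it shows beyond the text is why the limiter must decide for itself which address to trust.

```javascript
// Added example: fixed-window rate limiting keyed by client IP, the only
// control an unauthenticated API has. Defaults mirror the "100 req / 15 min"
// figure in the text; everything else here is an assumption for illustration.
const WINDOW_MS = 15 * 60 * 1000; // 15 minutes
const MAX_REQUESTS = 100;         // per IP per window

class RateLimiter {
  constructor(maxRequests = MAX_REQUESTS, windowMs = WINDOW_MS) {
    this.maxRequests = maxRequests;
    this.windowMs = windowMs;
    this.buckets = new Map(); // ip -> { windowStart, count }
  }

  // Record one request from `ip` and say whether it may proceed.
  // `now` is injectable so the window logic can be tested without waiting.
  check(ip, now = Date.now()) {
    let bucket = this.buckets.get(ip);
    if (!bucket || now - bucket.windowStart >= this.windowMs) {
      bucket = { windowStart: now, count: 0 }; // start a fresh window
      this.buckets.set(ip, bucket);
    }
    if (bucket.count >= this.maxRequests) {
      // Over the limit: report when the window resets (for a Retry-After header).
      return { allowed: false, remaining: 0, retryAfterMs: bucket.windowStart + this.windowMs - now };
    }
    bucket.count += 1;
    return { allowed: true, remaining: this.maxRequests - bucket.count, retryAfterMs: 0 };
  }
}

// Which address to key on. X-Forwarded-For is client-controlled unless a trusted
// reverse proxy sets it, so only honour it when the deployment says so; otherwise
// a client could pick its own bucket and bypass the limit entirely.
function clientIp(headers, socketAddress, trustProxy = false) {
  const xff = headers['x-forwarded-for'];
  if (trustProxy && typeof xff === 'string' && xff.length > 0) {
    return xff.split(',')[0].trim(); // first hop is the original client
  }
  return socketAddress;
}

// Constructed demo: a tiny limit of 3 requests per second from one address.
function demo() {
  const limiter = new RateLimiter(3, 1000);
  const ip = '203.0.113.7'; // TEST-NET address, constructed for the demo
  const results = [];
  for (let t = 0; t < 4; t++) results.push(limiter.check(ip, t).allowed);
  results.push(limiter.check(ip, 1000).allowed); // window has rolled over
  return results; // [true, true, true, false, true]
}
```

In a real server the buckets would live in a shared store (for example Redis) so that every instance behind the load balancer enforces the same limit, and the `retryAfterMs` value would be sent back in a `Retry-After` header with a 429 response.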

Basic Authentication

  • Basic authentication is just sending a username and password with each request to get access to the API.

  • The username and password are joined with a colon and sent Base64-encoded in the Authorization header (Authorization: Basic <base64>). Base64 is an encoding, not encryption: anyone who can see the header can decode it, so Basic authentication is only acceptable over TLS.

  • This is more secure than no authentication, but only as secure as the transport carrying it.

  • And because the username and password have to be sent with every request, each request is another chance for someone to intercept the traffic and capture your login credentials.

API Key

  • API keys are used to avoid sending your login credentials with every request to the API.

  • An API key is issued to you once you have logged in (or otherwise proven your identity), after which all requests are made with the key instead, usually in a request header. The key is a bearer secret: anyone who obtains it can act as you, so it should be kept out of URLs (which end up in logs and browser history), stored only as a hash on the server, and be revocable.

  • Keys also let the API track the number of requests made with each key, which is useful for metering and for calculating the cost of using or maintaining the API.

API Token

  • Token-based authentication is often implemented with OAuth 2.0. Strictly, OAuth 2.0 is an authorization framework that issues access tokens; the "login with ..." flows layer OpenID Connect on top of it to also authenticate the user. Either way, a token is issued once and all further requests are authenticated with it.

  • This is basically what happens when you use "Login with Google" or something of the like.

  • When you click the button, Google authenticates you (makes sure you are who you say you are) and issues a token to the application.

  • For any further requests to the API this token is sent, typically as Authorization: Bearer <token>. Like an API key it is a bearer credential, so it must be kept confidential, and it should be short-lived and refreshable rather than valid forever.

Conclusion
