mirror of
				https://github.com/adidas/api-guidelines.git
				synced 2025-10-25 15:19:19 +00:00 
			
		
		
		
	Updates evolution/naming-conventions.md
Auto commit by GitBook Editor
This commit is contained in:
		| @@ -80,7 +80,7 @@ Every HTTP Header should use `Hyphenated-Pascal-Case`. A custom HTTP Header **SH | ||||
| #### Example | ||||
|  | ||||
| ``` | ||||
| ORDER-METADATA-HEADER: 42 | ||||
| Order-Metadata-Header: 42 | ||||
| ``` | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -1,2 +1,16 @@ | ||||
| # Authentication | ||||
| _TODO_ | ||||
|  | ||||
| Every API exposed outside of the adidas network **MUST** be available to authenticated clients only. Every unauthenticated HTTP request to exposed API **MUST** result in the **403 – Forbidden** HTTP Status code. | ||||
|  | ||||
| There are two was how to authenticate a call to an API:  | ||||
|  | ||||
| 1. OAuth2 token | ||||
| 1. API key | ||||
|  | ||||
| # OAuth 2 Token | ||||
| Every API that requires user authentication or authorization **MUST** use OAuth 2 tokens to authenticate the user. | ||||
|  | ||||
| ## API Key | ||||
| If an API doesn't need to authorize users the API **MAY** use simple API token instead of the OAuth 2 token. The key **MUST** be provided in the `Adidas-API-Key` HTTP header. | ||||
|  | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user