Mirrors/api-guidelines
1
0
Fork 0
mirror of https://github.com/adidas/api-guidelines.git synced 2025-10-25 15:19:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updates evolution/naming-conventions.md

Browse Source 
Auto commit by GitBook Editor
This commit is contained in:
apidesigner
2017-05-31 14:55:41 +00:00
parent 9c323d1938
commit 2bf7af7506
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
evolution/naming-conventions.md
View File

@@ -80,7 +80,7 @@ Every HTTP Header should use `Hyphenated-Pascal-Case`. A custom HTTP Header **SH
#### Example
```
ORDER-METADATA-HEADER: 42
Order-Metadata-Header: 42
```

16
execution/authentication.md
View File

@@ -1,2 +1,16 @@
# Authentication
_TODO_
Every API exposed outside of the adidas network **MUST** be available to authenticated clients only. Every unauthenticated HTTP request to exposed API **MUST** result in the **403 Forbidden** HTTP Status code.
There are two was how to authenticate a call to an API:
1. OAuth2 token
1. API key
# OAuth 2 Token
Every API that requires user authentication or authorization **MUST** use OAuth 2 tokens to authenticate the user.
## API Key
If an API doesn't need to authorize users the API **MAY** use simple API token instead of the OAuth 2 token. The key **MUST** be provided in the `Adidas-API-Key` HTTP header.