Mirrors/api-guidelines
1
0
Fork 0
mirror of https://github.com/adidas/api-guidelines.git synced 2025-10-25 15:19:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Creates rest/core-principles/quality.md

Browse Source 
Auto commit by GitBook Editor
This commit is contained in:
apidesigner
2018-06-23 12:56:08 +00:00
parent 6ae3093b22
commit 958d90ea5d
87 changed files with 1276 additions and 1276 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
rest/execution/authentication.md Normal file
View File

@@ -0,0 +1,25 @@
# Authentication
Every API exposed outside of the adidas network **MUST** be available to authenticated clients only. Every unauthenticated HTTP request to exposed API **MUST** result in the **403 Forbidden** HTTP Status code.
Based on whether user authorization is required an API call can be authenticated in two ways:
1. OAuth2 token
1. API key
# OAuth 2 Token
Every API that requires user authentication or authorization **MUST** use OAuth 2 tokens to authenticate the client.
## API Key
An API **MAY** use simple the API token instead of the OAuth 2 token if it doesn't need to authorize the user . The key **MUST** be provided in the `Adidas-API-Key` HTTP header.
#### Example
Request:
```
GET /demo-approval-api/ HTTP/1.1
Adidas-API-Key: 9kfapap6612jkfd3ja9323q
Host: adidas.api.mashery.com
```
> NOTE: See more details in the [[Demo] Approval API](http://docs.demoapprovalapi.apiary.io) example.