Mirrors/api-guidelines
1
0
Fork 0
mirror of https://github.com/adidas/api-guidelines.git synced 2025-10-25 15:19:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update authentication.md

Browse Source
This commit is contained in:
Z
2017-06-26 09:01:13 +02:00
committed by GitHub
parent cae5658626
commit fabd509c31
1 changed files with 1 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
execution/authentication.md
View File

@@ -1,5 +1,4 @@
# Authentication
Every API exposed outside of the adidas network **MUST** be available to authenticated clients only. Every unauthenticated HTTP request to exposed API **MUST** result in the **403 Forbidden** HTTP Status code.
Based on whether user authorization is required an API call can be authenticated in two ways:
@@ -11,7 +10,7 @@ Based on whether user authorization is required an API call can be authenticated
Every API that requires user authentication or authorization **MUST** use OAuth 2 tokens to authenticate the client.
## API Key
If an API doesn't need to authorize user the API **MAY** use simple the API token instead of the OAuth 2 token. The key **MUST** be provided in the `Adidas-API-Key` HTTP header.
An API **MAY** use simple the API token instead of the OAuth 2 token if it doesn't need to authorize the user . The key **MUST** be provided in the `Adidas-API-Key` HTTP header.
#### Example
@@ -23,5 +22,4 @@ Adidas-API-Key: 9kfapap6612jkfd3ja9323q
Host: adidas.api.mashery.com
```
> NOTE: See more details in the [[Demo] Approval API](http://docs.demoapprovalapi.apiary.io) example.