api-guidelines/rest/execution/authentication.md
2020-01-17 08:14:30 +01:00

# Authentication
Every API exposed outside of the adidas network **MUST** be available to authenticated clients only. Every unauthenticated HTTP request to an exposed API **MUST** result in the **403 Forbidden** HTTP Status code.
Based on whether user authorization is required, an API call can be authenticated in two ways:
1. OAuth2 token
1. API key
## OAuth 2 Token
Every API that requires user authentication or authorization **MUST** use OAuth 2 tokens to authenticate the client.
## API Key
An API **MAY** use a simple API key instead of the OAuth 2 token if it doesn't need to authorize the user. The key **MUST** be provided in the `Adidas-API-Key` HTTP header.
#### Example
Request:
```
GET /demo-approval-api/ HTTP/1.1
Adidas-API-Key: 9kfapap6612jkfd3ja9323q
Host: adidas.api.mashery.com
```
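
One way a service could enforce the two rules above (key in the `Adidas-API-Key` header, **403 Forbidden** for anything unauthenticated), as an added example that is not part of the adidas guidelines or any adidas code. The names `require_api_key`, `key_is_valid`, `demo_app`, `call`, the sample key, the choice to store only SHA-256 digests, and the response body are assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed sample: this example stores only SHA-256 digests of issued keys.
# "demo-key-not-real" is a made-up key, not a real credential.
ISSUED_KEY_DIGESTS = {hashlib.sha256(b"demo-key-not-real").hexdigest()}


def key_is_valid(presented, digests=ISSUED_KEY_DIGESTS):
    """Check a presented key against the stored digests in constant time."""
    if not presented:
        return False
    candidate = hashlib.sha256(presented.encode("utf-8")).hexdigest()
    ok = False
    for digest in digests:
        # No early exit: timing does not reveal which entry matched.
        ok |= hmac.compare_digest(candidate, digest)
    return ok


def require_api_key(app, digests=ISSUED_KEY_DIGESTS):
    """WSGI middleware: answer 403 unless a valid Adidas-API-Key is sent."""
    def middleware(environ, start_response):
        # WSGI exposes the Adidas-API-Key header as HTTP_ADIDAS_API_KEY.
        presented = environ.get("HTTP_ADIDAS_API_KEY", "")
        if not key_is_valid(presented, digests):
            body = b'{"title": "Forbidden"}'  # never echo the presented key
            start_response("403 Forbidden", [
                ("Content-Type", "application/json"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return app(environ, start_response)
    return middleware


def demo_app(environ, start_response):
    """Hypothetical protected API used only for this example."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def call(app, headers):
    """Drive a WSGI app with a constructed request; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/demo-approval-api/"}
    environ.update(headers)
    seen = {}
    body = b"".join(app(environ, lambda status, hdrs: seen.update(status=status)))
    return seen["status"], body
```

Wrapping an application as `require_api_key(demo_app)` makes a missing, empty, or unknown key all produce the same 403 response, so a client cannot tell which check failed.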