api-guidelines/execution/authentication.md
apidesigner b08e51dec6 Updates execution/authentication.md
Auto commit by GitBook Editor
2017-05-31 15:05:36 +00:00


Authentication

Every API exposed outside of the adidas network MUST be available to authenticated clients only. Every unauthenticated HTTP request to an exposed API MUST result in the 403 Forbidden HTTP status code.

Based on whether user authorization is required, an API call can be authenticated in two ways:

  1. OAuth 2 token
  2. API key

OAuth 2 Token

Every API that requires user authentication or authorization MUST use OAuth 2 tokens to authenticate the client.

API Key

If an API doesn't need to authorize a user, the API MAY use a simple API token instead of the OAuth 2 token. The key MUST be provided in the Adidas-API-Key HTTP header.

Example

Request:

GET /demo-approval-api/ HTTP/1.1
Adidas-API-Key: 9kfapap6612jkfd3ja9323q
Host: adidas.api.mashery.com

NOTE: See more details in the [Demo] Approval API example.