api-guidelines/rest/execution/authentication.md
2020-01-17 08:14:30 +01:00


Authentication

Every API exposed outside of the adidas network MUST be available to authenticated clients only. Every unauthenticated HTTP request to an exposed API MUST result in the 403 Forbidden HTTP status code.

Based on whether user authorization is required, an API call can be authenticated in two ways:

  1. OAuth 2 token
  2. API key

OAuth 2 Token

Every API that requires user authentication or authorization MUST use OAuth 2 tokens to authenticate the client.

API Key

An API MAY use a simple API token instead of the OAuth 2 token if it doesn't need to authorize the user. The key MUST be provided in the Adidas-API-Key HTTP header.

Example

Request:

GET /demo-approval-api/ HTTP/1.1
Adidas-API-Key: 9kfapap6612jkfd3ja9323q
Host: adidas.api.mashery.com
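
One way to enforce these rules in front of an API, as an added example (not code from the guidelines or from adidas): a WSGI middleware that answers 403 Forbidden unless the request carries a valid OAuth 2 bearer token or, on endpoints that do not need user authorization, a valid Adidas-API-Key. The verify_bearer and needs_user callables, the digest store and the status_for helper are hypothetical names introduced for illustration; the sample key is the one from the request above.

```python
import hashlib
import hmac

# Constructed store: only SHA-256 digests of issued keys are kept, not the keys.
# The sample key is the one from the example request on this page.
KEY_DIGESTS = {hashlib.sha256(b"9kfapap6612jkfd3ja9323q").hexdigest()}


def api_key_is_valid(presented, digests=KEY_DIGESTS):
    """Check a presented key against every stored digest in constant time."""
    digest = hashlib.sha256(presented.encode("utf-8")).hexdigest()
    matches = [hmac.compare_digest(digest, known) for known in digests]
    return any(matches)


class RequireAuthentication:
    """WSGI middleware: any request without a valid credential gets 403."""

    def __init__(self, app, verify_bearer, needs_user=lambda environ: False):
        self.app = app
        self.verify_bearer = verify_bearer  # hypothetical OAuth 2 token validator
        self.needs_user = needs_user        # hypothetical: True if user authorization is required

    def __call__(self, environ, start_response):
        scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        key = environ.get("HTTP_ADIDAS_API_KEY", "")  # WSGI form of Adidas-API-Key
        if scheme.lower() == "bearer" and token and self.verify_bearer(token.strip()):
            environ["auth.method"] = "oauth2"
        elif key and not self.needs_user(environ) and api_key_is_valid(key):
            environ["auth.method"] = "api_key"
        else:
            body = b"Forbidden\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def status_for(app, headers, path="/demo-approval-api/"):
    """Run one constructed GET request through a WSGI app; return the status line."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = []
    app(environ, lambda status, hdrs: seen.append(status))
    return seen[0]
```

An API key on an endpoint where needs_user returns True is rejected with 403, because such endpoints must be called with an OAuth 2 token.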