mirror of
https://github.com/adidas/api-guidelines.git
synced 2025-10-25 15:19:19 +00:00
Authentication
Every API exposed outside of the adidas network MUST be available to authenticated clients only. Every unauthenticated HTTP request to an exposed API MUST result in the 403 – Forbidden HTTP status code.
There are two ways to authenticate a call to an API:
- OAuth2 token
- API key
OAuth 2 Token
Every API that requires user authentication or authorization MUST use OAuth 2 tokens to authenticate the user.
API Key
If an API doesn't need to authorize users, the API MAY use a simple API token instead of the OAuth 2 token. The key MUST be provided in the Adidas-API-Key HTTP header.
Example
GET /demo-approval-api/ HTTP/1.1
Adidas-API-Key: 9kfapap6612jkfd3ja9323q
Host: adidas.api.mashery.com
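A server-side sketch of the API key rule, added here as an illustration and not taken from the adidas guidelines or any adidas code: a WSGI middleware that reads the Adidas-API-Key header, compares it in constant time against stored key digests, and answers 403 when the key is missing or unknown. The key store, the client name, the sample key and all function names are assumptions made for the example.

```python
import hashlib
import hmac

# WSGI exposes the "Adidas-API-Key" request header under this environ name.
API_KEY_ENVIRON = "HTTP_ADIDAS_API_KEY"

def key_digest(key):
    return hashlib.sha256(key.encode("utf-8")).digest()

# Constructed sample store (assumption): only digests are kept, never raw keys.
KNOWN_KEY_DIGESTS = {key_digest("constructed-sample-key-1"): "demo-client"}

def identify_client(environ):
    """Return the client name for a valid API key, or None."""
    presented = environ.get(API_KEY_ENVIRON, "")
    if not presented:
        return None
    candidate = key_digest(presented)
    client = None
    # Check every stored digest with a constant-time comparison, without an
    # early exit, so response timing does not reveal how close a guess was.
    for stored, name in KNOWN_KEY_DIGESTS.items():
        if hmac.compare_digest(stored, candidate):
            client = name
    return client

class RequireApiKey:
    """Reject requests without a valid key using 403, as the guideline requires."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        client = identify_client(environ)
        if client is None:
            body = b'{"error": "forbidden"}'
            start_response("403 Forbidden", [("Content-Type", "application/json"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        environ["api.client"] = client  # hypothetical key for downstream handlers
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def call(app, headers):
    """Run one constructed GET request through app; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/demo-approval-api/", **headers}
    seen = {}
    body = b"".join(app(environ, lambda status, hdrs: seen.update(status=status)))
    return seen["status"], body
```
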