Mirrors/api-guidelines
1
0
Fork 0
mirror of https://github.com/adidas/api-guidelines.git synced 2025-10-25 15:19:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f64b7934e4894a23e3901ff2294d78435bc86eea
api-guidelines/execution/authentication.md
apidesigner b08e51dec6 Updates execution/authentication.md 
Auto commit by GitBook Editor
2017-05-31 15:05:36 +00:00

28 lines
918 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Authentication
Every API exposed outside of the adidas network **MUST** be available to authenticated clients only. Every unauthenticated HTTP request to exposed API **MUST** result in the **403 Forbidden** HTTP Status code.
Based on whether user authorization is required an API call can be authenticated in two ways:
1. OAuth2 token
1. API key
# OAuth 2 Token
Every API that requires user authentication or authorization **MUST** use OAuth 2 tokens to authenticate the client.
## API Key
If an API doesn't need to authorize user the API **MAY** use simple the API token instead of the OAuth 2 token. The key **MUST** be provided in the `Adidas-API-Key` HTTP header.
#### Example
Request:
```
GET /demo-approval-api/ HTTP/1.1
Adidas-API-Key: 9kfapap6612jkfd3ja9323q
Host: adidas.api.mashery.com
```
> NOTE: See more details in the [[Demo] Approval API](http://docs.demoapprovalapi.apiary.io) example.
Reference in New Issue View Git Blame Copy Permalink