API Authentication Lab

The simplest way to handle authentication is by sending the username and password with every API call. You can use an HTTP header and encode the username and password. The username and password are encoded using Base64.

In the request header, you will see a header key for Authorization is created with the word BASIC followed by the encoded bse64 string.

Bearer Authentication, also known as token authentication, is a two-step process. In this authentication model, you, the user of an API, must first acquire a token and then use the token to authenticate & authorize your future requests. The API generates a secret key that is a long, difficult-to-guess string of numbers and letters.

Once the server returns the API token any future requests should include an authorization header value that has the token. Unlike Basic Auth, you don’t need to encode the token itself because it’s already encoded for you by the authentication server. The header field may look like the example below.

Authentication using API keys is very similar to Bearer Authentication, with only one difference, the way you acquire the API key itself. Unlike tokens, API keys do not have an expiry date. Moreover, API vendors generate an API key for you.

This method creates unique keys for developers and passes them alongside every request. The API generates a secret key that is a long, difficult-to-guess string of numbers and letters. It is typically passed alongside the API authorization header, the same as the bearer token above.