As a web developer, you have various choices regarding API authentication. This guide aims to provide you with a high-level overview of the six most used schemes. Inside, you will find a cheatsheet to help you choose.
The Web API Authentication guide, TLS Client Certificates
Wednesday, Apr 25, 2018 by Daniel Szpisjak
TLS mutual authentication doubles down on HTTPS. Using this scheme, your clients' identity is proved by presenting certificates and proving ownership of a private key. This is a very potent tool and also a tradeoff.
The Web API Authentication guide, Signature Schemes
Friday, Feb 9, 2018 by Daniel Szpisjak
HTTP signature schemes provide integrity and authenticity on the application layer. Using them increases security but also incurs complexity.
The Web API Authentication guide, Bearer tokens
Friday, Jan 19, 2018 by Daniel Szpisjak
Lots of modern web applications utilize bearer tokens. They are ideal for backend integration, but can also be used on the frontend.
The Web API Authentication guide, Cookies
Friday, Jan 12, 2018 by Daniel Szpisjak
Cookies are the de facto authentication between browser and server, and for good reason: they can provide full-blown session management with low complexity.