Authentication and authorisation overview | Before users can make requests with your API, they’ll usually need to register for some kind of application key or learn other ways to authenticate the requests. APIs vary in the way they authenticate users. Some APIs just require you to include an API key in the request header, while other APIs require elaborate security due to the need to protect sensitive data, prove identity and ensure the requests aren’t tampered with. |
Authentication | Proving correct identity. |
Authorisation | Allowing a certain action. |
Tokens |
The access token is a credential that a client can use to access an API. The access token can be any type of token,
such as an opaque string (or a JWT), and is meant for the API. The purpose of the access token is to inform the
API that the bearer of this token has been authorised to access the API and perform specific actions (as specified
in the scope that has been granted). The access token should be used as a bearer credential and transmitted in
the HTTP Authorization header to the API.
|
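The following sketch shows how an API might separate the two checks defined above when it receives a bearer token. It is an added example, not code from this API: the token values, the scope names (orders:read, orders:write) and the function names are constructed for illustration, and the tokens are treated as opaque strings looked up in an in-memory table.

```python
import hmac

# Constructed token store: opaque token -> granted scopes (hypothetical values).
TOKENS = {
    "tok_constructed_reader": {"orders:read"},
    "tok_constructed_admin": {"orders:read", "orders:write"},
}

def extract_bearer(header_value):
    """Return the token from a 'Bearer <token>' header value, or None."""
    if not header_value:
        return None
    parts = header_value.strip().split()
    # The scheme name is case-insensitive; exactly one token must follow it.
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]

def lookup_scopes(token):
    """Authentication step: find the token, comparing in constant time."""
    found = None
    for known, scopes in TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            found = scopes
    return found

def check_request(headers, required_scope):
    """Return an HTTP status: 401 = not authenticated, 403 = not authorised."""
    # HTTP header names are case-insensitive.
    value = next((v for k, v in headers.items()
                  if k.lower() == "authorization"), None)
    token = extract_bearer(value)
    if token is None:
        return 401  # no usable bearer credential was presented
    scopes = lookup_scopes(token)
    if scopes is None:
        return 401  # token is not recognised: identity not proven
    if required_scope not in scopes:
        return 403  # identity proven, but the action is not in the granted scope
    return 200
```

A 401 response means the authentication step failed, while a 403 means the token was valid but its scope does not cover the requested action.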