Authentication
Authentication methods and best practices for the IXO Spatial Web API
Proper authentication is crucial for ensuring the security and integrity of API interactions. The IXO Spatial Web API follows best practices for REST services to provide secure and reliable authentication mechanisms.
Bearer Token Authentication
The preferred method for authenticating requests to the IXO Spatial Web API.
Implementation
- Include bearer token in HTTP Authorization header
- Tokens are securely generated by identity provider
- Short-lived tokens for enhanced security
OAuth 2.0 Protocol
Industry-standard protocol for authorization and token management.
Flows
- Client Credentials Flow: Server-to-server interactions
- Authorization Code Flow: User-facing applications
API Key Management
Alternative authentication method for limited-access endpoints.
Best Practices
- Use for limited-access endpoints
- Store in environment variables
- Never hard-code in applications
JWT (JSON Web Tokens)
Self-contained way to transmit information between parties.
Structure
- Header
- Payload (claims)
- Signature
Security Best Practices
HTTPS Only
All requests to the IXO Spatial Web API must be made over HTTPS. This ensures that data transmitted between clients and the API remains encrypted and protected from potential attackers.
Rate Limiting & IP Whitelisting
To prevent abuse and protect the API:
- Implement rate limiting to restrict request frequency
- Use IP whitelisting for sensitive endpoints
- Monitor and log authentication attempts
Each API defines its own authentication implementation. Always refer to the specific API documentation for detailed authentication requirements.