Authentication

The IXO Spatial Web uses both industry-standard authentication mechanisms and decentralized identity systems to ensure secure access to APIs and services.

Authentication Methods

Bearer Token Authentication

DID Authentication

{
  "did": "did:ixo:entity:<did-string>",
  "signature": "<signed-challenge>",
  "challenge": "<challenge-string>"
}

Decentralized identity authentication for:

Oracle services
Impact claims
Verifiable credentials
Domain operations

API Key Authentication

SignX Authentication

{
  "matrix": true,
  "session_id": "<unique_session_id>",
  "login_token": "<one_time_token>"
}

Mobile-to-web authentication using IXO Impacts X:

QR code or deep link initiation
Cryptographic key-based authentication
No password entry required
Matrix credentials retrieval
Secure device-based identity verification

Security Requirements

HTTPS Only

TLS 1.2+ required
Certificate validation
Secure cipher suites
HSTS enabled

Token Management

Secure storage
Regular rotation
Expiry handling
Revocation support

Access Control

Role-based access
Scope limitations
Resource permissions
Audit logging

Rate Limiting

Request quotas
Burst handling
IP restrictions
Usage monitoring

Implementation Guide

Choose Authentication Method
- Bearer token for web applications
- DID auth for blockchain operations
- API keys for development
- SignX for mobile-to-web authentication
Configure Security Settings
- Enable HTTPS
- Set token expiry
- Configure rate limits
- Enable monitoring
Implement Authentication Flow
- Handle token requests
- Validate credentials
- Manage sessions
- Process renewals
Set Up Error Handling
- Invalid credentials
- Expired tokens
- Rate limit exceeded
- Network issues

OAuth 2.0 Integration

Authorization Code Flow

Client Credentials Flow

Best Practices

Token Security

Error Handling

DID Authentication

SignX Authentication

Code Examples

const headers = {
  'Authorization': `Bearer ${accessToken}`,
  'Content-Type': 'application/json'
};

const response = await fetch('https://api.emerging.eco/v1/resource', {
  headers
});

SignX Authentication Flow

Developer Resources

API Reference

Detailed API authentication docs

SDK Guide

Client library integration

Security Guide

Security best practices

Examples

Implementation examples

SignX SDK

Mobile authentication integration

Get Started

Developers

User Guides

Platforms

Articles

Authentication Methods

Security Requirements

HTTPS Only

Token Management

Access Control

Rate Limiting

Implementation Guide

OAuth 2.0 Integration

Best Practices

Code Examples

SignX Authentication Flow

Developer Resources

API Reference

SDK Guide

Security Guide

Examples

SignX SDK

Get Started

Developers

User Guides

Platforms

Articles

​Authentication Methods

​Security Requirements

HTTPS Only

Token Management

Access Control

Rate Limiting

​Implementation Guide

​OAuth 2.0 Integration

​Best Practices

​Code Examples

​SignX Authentication Flow

​Developer Resources

API Reference

SDK Guide

Security Guide

Examples

SignX SDK

Authentication Methods

Security Requirements

Implementation Guide

OAuth 2.0 Integration

Best Practices

Code Examples

SignX Authentication Flow

Developer Resources