The IXO Spatial Web uses both industry-standard authentication mechanisms and decentralized identity systems to ensure secure access to APIs and services.

Authentication Methods

Security Requirements

HTTPS Only

  • TLS 1.2+ required
  • Certificate validation
  • Secure cipher suites
  • HSTS enabled

Token Management

  • Secure storage
  • Regular rotation
  • Expiry handling
  • Revocation support

Access Control

  • Role-based access
  • Scope limitations
  • Resource permissions
  • Audit logging

Rate Limiting

  • Request quotas
  • Burst handling
  • IP restrictions
  • Usage monitoring

Implementation Guide

  1. Choose Authentication Method

    • Bearer token for web applications
    • DID auth for blockchain operations
    • API keys for development
    • SignX for mobile-to-web authentication
  2. Configure Security Settings

    • Enable HTTPS
    • Set token expiry
    • Configure rate limits
    • Enable monitoring
  3. Implement Authentication Flow

    • Handle token requests
    • Validate credentials
    • Manage sessions
    • Process renewals
  4. Set Up Error Handling

    • Invalid credentials
    • Expired tokens
    • Rate limit exceeded
    • Network issues

OAuth 2.0 Integration

Best Practices

Code Examples

const headers = {
  'Authorization': `Bearer ${accessToken}`,
  'Content-Type': 'application/json'
};

const response = await fetch('https://api.emerging.eco/v1/resource', {
  headers
});

SignX Authentication Flow

Developer Resources