Authentication
Secure your applications with IXO authentication mechanisms
The IXO Spatial Web uses both industry-standard authentication mechanisms and decentralized identity systems to ensure secure access to APIs and services.
Authentication Methods
Bearer Token Authentication
The primary authentication method, based on secure tokens:
- JWT-based access tokens
- Short-lived token expiry
- Refresh token support
- Role-based permissions
DID Authentication
Decentralized identity authentication for:
- Oracle services
- Impact claims
- Verifiable credentials
- Domain operations
API Key Authentication
Simplified authentication for:
- Development environments
- Limited-access endpoints
- Service-to-service calls
- Testing and integration
SignX Authentication
Mobile-to-web authentication using IXO Impacts X:
- QR code or deep link initiation
- Cryptographic key-based authentication
- No password entry required
- Matrix credentials retrieval
- Secure device-based identity verification
Security Requirements
HTTPS Only
- TLS 1.2+ required
- Certificate validation
- Secure cipher suites
- HSTS enabled
Token Management
- Secure storage
- Regular rotation
- Expiry handling
- Revocation support
Access Control
- Role-based access
- Scope limitations
- Resource permissions
- Audit logging
Rate Limiting
- Request quotas
- Burst handling
- IP restrictions
- Usage monitoring
Implementation Guide
1. Choose Authentication Method
   - Bearer token for web applications
   - DID auth for blockchain operations
   - API keys for development
   - SignX for mobile-to-web authentication
2. Configure Security Settings
   - Enable HTTPS
   - Set token expiry
   - Configure rate limits
   - Enable monitoring
3. Implement Authentication Flow
   - Handle token requests
   - Validate credentials
   - Manage sessions
   - Process renewals
4. Set Up Error Handling
   - Invalid credentials
   - Expired tokens
   - Rate limit exceeded
   - Network issues
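The credential validation and error handling steps above, as an added example that is not IXO's own code: a server-side bearer check that tells invalid credentials, expired tokens and missing roles apart. HS256 signing, the `roles` claim name, the 30-second leeway, the error codes and the demo secret are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # constructed; real keys come from a secret store
LEEWAY = 30                           # seconds of tolerated clock skew (assumption)

class AuthError(Exception):
    """Carries the HTTP status and a stable error code for the client."""
    def __init__(self, status, code):
        super().__init__(code)
        self.status, self.code = status, code

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue(claims, secret=SECRET):
    """Mint a constructed HS256 token so the example runs offline."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def authorize(header_value, required_role, now=None):
    """Return the claims or raise AuthError: 401 invalid/expired, 403 wrong role."""
    now = time.time() if now is None else now
    scheme, _, token = (header_value or "").partition(" ")
    try:
        if scheme.lower() != "bearer":
            raise ValueError("not a bearer credential")
        head, body, sig = token.split(".")
        # Pin the algorithm: never let the token choose how it is verified.
        if json.loads(b64d(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64d(body))
        exp = float(claims["exp"])
    except (ValueError, KeyError, TypeError, AttributeError):
        raise AuthError(401, "invalid_credentials") from None
    if now > exp + LEEWAY:
        raise AuthError(401, "token_expired")   # client should run its refresh flow
    if required_role not in claims.get("roles", []):
        raise AuthError(403, "insufficient_role")
    return claims
```

Returning `token_expired` separately from `invalid_credentials` lets a client trigger its refresh flow only when that can succeed, while every malformed or forged token gets the same opaque answer.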
OAuth 2.0 Integration
Authorization Code Flow
Client Credentials Flow
Ideal for service-to-service authentication
Best Practices
Token Security
- Store tokens securely
- Use short expiration times
- Implement refresh flows
- Handle revocation
Error Handling
- Proper error responses
- Retry mechanisms
- Rate limit handling
- Logging and monitoring
DID Authentication
- Verify DID ownership
- Check signature validity
- Validate challenge
- Monitor DID status
SignX Authentication
- Generate secure one-time QR codes
- Implement event listeners for login events
- Securely store received Matrix credentials
- Handle session expiration gracefully
- Consider auto-provisioning Matrix accounts