The IXO Spatial Web uses both industry-standard authentication mechanisms and decentralized identity systems to ensure secure access to APIs and services.

Authentication Methods

Authorization: Bearer <your_token>
The primary authentication method using secure tokens:
  • JWT-based access tokens
  • Short-lived token expiry
  • Refresh token support
  • Role-based permissions
{
  "did": "did:ixo:entity:<did-string>",
  "signature": "<signed-challenge>",
  "challenge": "<challenge-string>"
}
Decentralized identity authentication for:
  • Oracle services
  • Impact claims
  • Verifiable credentials
  • Domain operations
X-API-Key: <your_api_key>
Simplified authentication for:
  • Development environments
  • Limited-access endpoints
  • Service-to-service calls
  • Testing and integration
{
  "matrix": true,
  "session_id": "<unique_session_id>",
  "login_token": "<one_time_token>"
}
Mobile-to-web authentication using IXO Impacts X:
  • QR code or deep link initiation
  • Cryptographic key-based authentication
  • No password entry required
  • Matrix credentials retrieval
  • Secure device-based identity verification

Security Requirements

HTTPS Only

  • TLS 1.2+ required
  • Certificate validation
  • Secure cipher suites
  • HSTS enabled

Token Management

  • Secure storage
  • Regular rotation
  • Expiry handling
  • Revocation support

Access Control

  • Role-based access
  • Scope limitations
  • Resource permissions
  • Audit logging

Rate Limiting

  • Request quotas
  • Burst handling
  • IP restrictions
  • Usage monitoring

Implementation Guide

  1. Choose Authentication Method
    • Bearer token for web applications
    • DID auth for blockchain operations
    • API keys for development
    • SignX for mobile-to-web authentication
  2. Configure Security Settings
    • Enable HTTPS
    • Set token expiry
    • Configure rate limits
    • Enable monitoring
  3. Implement Authentication Flow
    • Handle token requests
    • Validate credentials
    • Manage sessions
    • Process renewals
  4. Set Up Error Handling
    • Invalid credentials
    • Expired tokens
    • Rate limit exceeded
    • Network issues

OAuth 2.0 Integration

Best for web applications with user interaction
Ideal for service-to-service authentication

Best Practices

  • Store tokens securely
  • Use short expiration times
  • Implement refresh flows
  • Handle revocation
  • Proper error responses
  • Retry mechanisms
  • Rate limit handling
  • Logging and monitoring
  • Verify DID ownership
  • Check signature validity
  • Validate challenge
  • Monitor DID status
  • Generate secure one-time QR codes
  • Implement event listeners for login events
  • Securely store received Matrix credentials
  • Handle session expiration gracefully
  • Consider auto-provisioning Matrix accounts

Code Examples

// accessToken: an unexpired JWT access token, assumed to be in scope already
const headers = {
  'Authorization': `Bearer ${accessToken}`,
  'Content-Type': 'application/json'
};

const response = await fetch('https://api.emerging.eco/v1/resource', {
  headers
});
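
The DID practices listed above (verify DID ownership, check signature validity, validate the challenge) can be sketched server-side as follows. This is an added example, not IXO's code: it assumes Ed25519 keys, base64url-encoded signatures, an in-memory challenge store, a 60-second lifetime, and a hypothetical `resolveKey` function that maps a DID to its current public key.

```javascript
// Added example: server-side DID challenge-response check (not IXO's code).
const { randomBytes, generateKeyPairSync, sign, verify } = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000; // assumption: challenges expire after 60 seconds
const pending = new Map();       // challenge -> { did, expiresAt }; sweep expired entries in production

// Issue an unpredictable challenge bound to the DID that requested it.
function issueChallenge(did, now = Date.now()) {
  const challenge = randomBytes(32).toString('base64url');
  pending.set(challenge, { did, expiresAt: now + CHALLENGE_TTL_MS });
  return challenge;
}

// Verify a { did, signature, challenge } body as shown on this page.
// resolveKey (hypothetical) returns the DID's public KeyObject, or null if unknown/deactivated.
function verifyDidAuth({ did, signature, challenge }, resolveKey, now = Date.now()) {
  const entry = pending.get(challenge);
  if (!entry) return { ok: false, reason: 'unknown_or_replayed_challenge' };
  pending.delete(challenge); // single use, consumed even when verification fails
  if (entry.did !== did) return { ok: false, reason: 'challenge_did_mismatch' };
  if (now > entry.expiresAt) return { ok: false, reason: 'challenge_expired' };
  const key = resolveKey(did);
  if (!key) return { ok: false, reason: 'did_not_resolvable' };
  try {
    const sig = Buffer.from(signature, 'base64url');
    if (verify(null, Buffer.from(challenge), key, sig)) return { ok: true };
  } catch { /* malformed signature falls through to rejection */ }
  return { ok: false, reason: 'bad_signature' };
}

// Constructed demo: keys and DID below are generated for illustration only.
function demo() {
  const did = 'did:ixo:entity:example';
  const holder = generateKeyPairSync('ed25519');
  const stranger = generateKeyPairSync('ed25519');
  const resolveKey = (d) => (d === did ? holder.publicKey : null);
  const signWith = (c, k) => sign(null, Buffer.from(c), k).toString('base64url');

  const c1 = issueChallenge(did);
  const body = { did, challenge: c1, signature: signWith(c1, holder.privateKey) };
  const first = verifyDidAuth(body, resolveKey);
  const replay = verifyDidAuth(body, resolveKey); // same body sent twice
  const c2 = issueChallenge(did);
  const forged = verifyDidAuth({ did, challenge: c2, signature: signWith(c2, stranger.privateKey) }, resolveKey);
  const c3 = issueChallenge(did, 0);              // issued at t=0, presented after the TTL
  const late = verifyDidAuth({ did, challenge: c3, signature: signWith(c3, holder.privateKey) }, resolveKey, CHALLENGE_TTL_MS + 1);
  return { first, replay, forged, late };
}
```

Binding the challenge to the requesting DID and deleting it on first use is what makes a captured request body worthless on replay.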

SignX Authentication Flow
