Authentication

Secure access to API resources using token-based authentication.

Authentication Methods

OAuth 2.0 with JWT

We use JSON Web Tokens (JWT) for secure, stateless authentication. Access tokens are valid for 24 hours and can be renewed through our refresh token endpoint.

Authorization Flow

  1. The client requests an access token from /oauth/token
  2. The server validates the credentials and returns a JWT
  3. Every API request must include the header Authorization: Bearer {token}
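Step 3 seen from the API server's side, as an added example that is not part of the original page: pull the token out of the Authorization header, then verify the JWT before trusting any claim in it. The page does not say which signing algorithm or claim names the service uses, so HS256, the signing key, the mint_token helper (used only to produce a sample token) and the "sub"/"scope" claims are assumptions; the 24-hour lifetime matches the page.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed signing key for the demo; a real deployment loads it from a secret store.
SIGNING_KEY = b"constructed-demo-key-not-for-production"
ACCESS_TOKEN_TTL = 24 * 60 * 60  # the page states access tokens are valid for 24 hours


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = SIGNING_KEY, now: Optional[int] = None) -> str:
    """Issue an HS256 JWT (assumed format); here it only produces sample tokens to verify."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    body = {**claims, "iat": now, "exp": now + ACCESS_TOKEN_TTL}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(body, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


class AuthError(Exception):
    """Raised when the Authorization header or the token is not acceptable."""


def extract_bearer_token(headers: dict) -> str:
    """Parse 'Authorization: Bearer {token}'; the scheme name is matched case-insensitively."""
    value = headers.get("Authorization") or headers.get("authorization")
    if not value:
        raise AuthError("missing Authorization header")
    parts = value.strip().split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        raise AuthError("Authorization header is not a Bearer token")
    return parts[1]


def verify_token(token: str, key: bytes = SIGNING_KEY, now: Optional[int] = None) -> dict:
    """Check structure, pinned algorithm, signature and expiry, then return the claims."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:  # covers bad base64, bad JSON and wrong segment count
        raise AuthError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise AuthError("malformed token")
    # Pin the algorithm server-side: the token header must never choose how it is verified.
    if header.get("alg") != "HS256":
        raise AuthError("unsupported or missing alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise AuthError("bad signature")
    exp = payload.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise AuthError("token expired or has no exp claim")
    return payload


def authenticate_request(headers: dict, key: bytes = SIGNING_KEY, now: Optional[int] = None) -> dict:
    """Header -> token -> verified claims; anything short of that raises AuthError."""
    return verify_token(extract_bearer_token(headers), key, now)


if __name__ == "__main__":
    sample = mint_token({"sub": "client-123", "scope": "analytics"})  # constructed sample
    print(authenticate_request({"Authorization": "Bearer " + sample}))
```

The signature is compared with hmac.compare_digest rather than ==, and the accepted algorithm is fixed in code rather than read from the token, so a token that names "none" or a different algorithm is rejected before its signature is even examined.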

Security Best Practices

  • Never expose tokens in client-side code
  • Use HTTPS for all API communications
  • Store tokens securely at rest

Implementation Examples

Getting Your Token

// JavaScript Example (run server-side, e.g. in Node; the client secret must
// never ship in browser code, per the best practices above)
fetch("https://api.eggrOSa/oauth/token", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    client_id: "your-client-id",
    client_secret: "your-secret",
    grant_type: "client_credentials"
  })
})
.then(response => {
  // fetch() only rejects on network failure; surface HTTP errors explicitly
  if (!response.ok) {
    throw new Error(`Token request failed with status ${response.status}`);
  }
  return response.json();
})
.then(data => console.log("Access Token:", data.access_token))
.catch(err => console.error(err));

# Python Example
import requests

response = requests.post(
    "https://api.eggrOSa/oauth/token",
    json={
        "client_id": "your-client-id",
        "client_secret": "your-secret",
        "grant_type": "client_credentials"
    },
    timeout=10,  # never block indefinitely on the token endpoint
)
response.raise_for_status()  # fail on 4xx/5xx instead of a KeyError below

print("Access Token:", response.json()["access_token"])

Permission Scopes

User Data Scope

Grants read/write access to user profile information and authentication data.

Data Storage Scope

Enables full CRUD operations for storing and retrieving data objects.

Analytics Scope

Allows read-only access to system metrics and usage statistics.

Webhook Scope

Controls the ability to register and receive webhooks from the system.
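An added example, not code from the original page, of enforcing the four scopes above on the server: the request's HTTP method is mapped to a read or write permission, the path to the scope that governs it, and access is denied unless the token carries that scope and the scope actually includes the permission (so an Analytics-only token can read metrics but not write them). The scope identifier strings, the URL prefixes and the "scope" claim format (space-delimited, as in OAuth 2.0) are assumptions; the page names the scopes but not their wire values.

```python
# Hypothetical scope identifiers for the scopes the page describes.
SCOPES = {
    "user_data": {"read", "write"},     # User Data Scope: read/write
    "data_storage": {"read", "write"},  # Data Storage Scope: full CRUD
    "analytics": {"read"},              # Analytics Scope: read-only
    "webhooks": {"read", "write"},      # Webhook Scope: register and receive
}

# Which scope protects which resource family (hypothetical URL prefixes).
RESOURCE_SCOPE = {
    "/users": "user_data",
    "/objects": "data_storage",
    "/metrics": "analytics",
    "/webhooks": "webhooks",
}

# HTTP method -> the permission it requires; unlisted methods are refused.
METHOD_PERMISSION = {
    "GET": "read", "HEAD": "read",
    "POST": "write", "PUT": "write", "PATCH": "write", "DELETE": "write",
}


def granted_scopes(claims: dict) -> set:
    """Read the space-delimited 'scope' claim; a missing or malformed claim grants nothing."""
    raw = claims.get("scope", "")
    return set(raw.split()) if isinstance(raw, str) else set()


def scope_for_path(path: str):
    """Longest-prefix match of the request path to a governed resource, or None."""
    matches = [
        scope for prefix, scope in RESOURCE_SCOPE.items()
        if path == prefix or path.startswith(prefix + "/")
    ]
    return matches[0] if matches else None


def authorize(claims: dict, method: str, path: str) -> tuple:
    """Deny by default; return (allowed, reason) so the refusal can be logged."""
    permission = METHOD_PERMISSION.get(method.upper())
    if permission is None:
        return False, f"method {method} is not permitted"
    scope_name = scope_for_path(path)
    if scope_name is None:
        return False, f"no scope governs {path}"
    if scope_name not in granted_scopes(claims):
        return False, f"token lacks scope {scope_name}"
    if permission not in SCOPES[scope_name]:
        return False, f"scope {scope_name} does not include {permission}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed claims as they would come out of token verification.
    token_claims = {"sub": "client-123", "scope": "analytics data_storage"}
    for method, path in [("GET", "/metrics/usage"), ("POST", "/metrics/usage"),
                         ("DELETE", "/objects/42"), ("GET", "/users/me")]:
        print(method, path, authorize(token_claims, method, path))
```

Deciding on (scope, permission) pairs rather than on scope presence alone is what keeps the Analytics scope read-only in practice; a check that only asks "does the token have the analytics scope?" would let a POST through.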