Authentication Guide

Secure authentication mechanisms for modern applications

1. API Authentication

API Key Authentication

Request

Authorization: Bearer your_api_key

JWT Authentication

Decode the JWT with the RSA public key
$ curl -H "Authorization: Bearer eyJhbG...

JWT Verification


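const fs = require('fs');
const jsonwebtoken = require('jsonwebtoken');
const cert = fs.readFileSync('public.key');
// Pin the algorithm (RS256 assumed for the RSA key) so the token cannot choose it
jsonwebtoken.verify(token, cert, { algorithms: ['RS256'] }, (err, payload) => {
    if (err) return; // signature or expiry check failed: reject the request
    // validate claims
});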
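
The verification step above, written out with Node's built-in crypto module as an added example (not code from the original guide): it pins RS256, checks the signature before reading any claim, then validates exp, iss and aud. The key pair, issuer, audience, fixed clock and helper names are constructed for illustration.

```javascript
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Signer used only to build constructed tokens so the example runs offline.
function signRS256(payload, privateKey, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${b64u(crypto.sign('sha256', Buffer.from(input), privateKey))}`;
}

// Returns the claims if the token is acceptable, otherwise throws.
function verifyRS256(token, publicKey, { issuer, audience, now }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm: the header must not pick the verification method.
  if (fromB64u(h).alg !== 'RS256') throw new Error('unexpected alg');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, sig)) {
    throw new Error('bad signature');
  }
  // Claims are read only after the signature has been checked.
  const claims = fromB64u(p);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.aud !== audience) throw new Error('wrong audience');
  return claims;
}

// Constructed sample data: throwaway key pair, fixed clock, 24-hour expiry.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const NOW = 1700000000;
const CLAIMS = { sub: 'user-1', iss: 'https://issuer.example', aud: 'api.example', exp: NOW + 24 * 3600 };
const EXPECTED = { issuer: CLAIMS.iss, audience: CLAIMS.aud, now: NOW };

// Maps a token to 'accepted' or the reason it was rejected.
function outcome(token, at = NOW) {
  try {
    verifyRS256(token, publicKey, { ...EXPECTED, now: at });
    return 'accepted';
  } catch (e) {
    return e.message;
  }
}

const good = signRS256(CLAIMS, privateKey);
console.log(outcome(good), '|', outcome(good, NOW + 24 * 3600));
console.log(outcome(signRS256(CLAIMS, privateKey, { alg: 'none' })));
```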
                                    

Best Practices

Rate Limit

100 requests/minute

Token Expiry

24-hour expiration on bearer tokens

curl -X POST https://api.palap.org/v1/auth/refresh \
     -H "Authorization: Bearer "
                            

2. OAuth2.0 Integration

OAuth 2.0 Authorization Flow

Authorization Endpoint

GET https://auth.palap.org/authorize?client_id=1234&redirect_uri=<redirect_uri>
Authorization: Basic base64encode(client_id:client_secret)

Token Endpoint

curl -X POST -u client_credential:secret -d grant_type=authorization_code -d code=ABC123

301 Moved to OpenID Connect 1.0