Authentication Guide

Securely authenticate users and applications across Partner.js platforms and APIs.

Start Now

Authentication Overview

Partner.js provides multiple authentication methods including OAuth2, JWT, and API keys. Choose the best method for your integration based on the security requirements and use case complexity.

OAuth2 Server

Standard OpenID Connect implementation for secure user authentication.

JSON Web Tokens

Secure bearer tokens for client applications and internal APIs.

API Keys

Simple and fast credentials storage with granular access controls.

Getting Started

1

Create an App

Register your application in the Partner.js Console to get client credentials.

2

Redirect URI

Configure redirect URLs for handling authentication responses in the Partner.js app settings.

3

Authentication Flow

Use the Partner.js SDK or API to implement OAuth2 flows in your client application.

4

Store Credentials Securely

For server-side applications, store and rotate secrets with environment variables and secure vaults.

Authentication Example

OAuth2 Example

// Initialize OAuth2 flow
const authClient = new OAuthClient({
  clientID: "your_client_id",
  clientSecret: "your_secret",
  redirectURI: "https://your-app/auth-callback"
});

// Start redirect for user authorization
authClient.initAuthorization();

Authorization URL:

https://auth.partner.js/v1/login? client_id=your_client_id&redirect_uri=your_redirect

Security Best Practices

Secrets Rotation

Rotate credentials and encryption keys after 90 days in production environments.

Rate Limiting

Configure rate limits in the Partner.js API console to prevent brute force attacks.

Token Expiration

Use 30-minute sessions and refresh tokens for client-based applications.

Secure Cookies

For web apps, use HttpOnly and Secure flags for all authentication cookies.