2. Basics
• Authentication: who you are
  • If it fails, the API should return 401 Unauthorized
• Authorization: what you can do
  • If it fails, the API should return 403 Forbidden
10. API Key
• Unique identifier used to authenticate a project with the API rather than a human user
https://blog.restcase.com/content/images/2019/07/nonref-docs-preso_apikey.png
16. OAuth 1.0 vs OAuth 2.0
• OAuth 1.0
  • Depends on a signature
  • More computation
  • Can be used with or without HTTPS
• OAuth 2.0
  • Doesn't depend on a signature
  • Less computation
  • Requires HTTPS
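
The contrast on this slide, as an added example that is not part of the original deck: an OAuth 1.0 request carries an HMAC-SHA1 signature computed over the method, URL and parameters (RFC 5849), while an OAuth 2.0 bearer request simply sends the token (RFC 6750). The URL, parameter values and secrets are constructed, and the base URL is assumed to be already normalized.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s):
    # OAuth 1.0 percent-encoding (RFC 5849 section 3.6): only unreserved chars stay literal.
    return quote(s, safe="-._~")

def oauth1_signature(method, base_url, params, consumer_secret, token_secret=""):
    # Signature base string (RFC 5849 section 3.4.1): method, URL, sorted parameters.
    # Assumes base_url is already normalized and parameter names are unique.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), pct(base_url), pct(normalized)])
    # The secrets form the HMAC key and are never sent with the request.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def oauth1_verify(method, base_url, params, signature, consumer_secret, token_secret=""):
    # Server side: recompute the signature and compare in constant time.
    expected = oauth1_signature(method, base_url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

def oauth2_bearer_header(access_token):
    # OAuth 2.0 bearer usage: the token itself is the credential, so it is
    # only as confidential as the transport that carries it.
    return {"Authorization": f"Bearer {access_token}"}

# Constructed sample request; every value below is made up for this example.
SAMPLE_URL = "http://api.example.com/v1/transfer"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "constructed-consumer", "oauth_token": "constructed-token",
    "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1700000000",
    "oauth_nonce": "constructed-nonce-1", "oauth_version": "1.0", "amount": "10",
}
CONSUMER_SECRET = "constructed-consumer-secret"
TOKEN_SECRET = "constructed-token-secret"

if __name__ == "__main__":
    sig = oauth1_signature("POST", SAMPLE_URL, SAMPLE_PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
    print("OAuth 1.0 signature:", sig)
    tampered = dict(SAMPLE_PARAMS, amount="1000")
    print("tampered request accepted:",
          oauth1_verify("POST", SAMPLE_URL, tampered, sig, CONSUMER_SECRET, TOKEN_SECRET))
    print("OAuth 2.0 header:", oauth2_bearer_header("constructed-access-token"))
```

A server verifying OAuth 1.0 requests also has to reject reused nonce and timestamp pairs; the signature alone does not stop a captured request from being replayed unchanged.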