This document discusses various authentication mechanisms for REST APIs including basic, digest, bearer, and JWT authentication as well as API keys and the OAuth 1.0 and OAuth 2.0 authorization frameworks. It provides overviews of how each authentication type works at a high level and compares OAuth 1.0 with OAuth 2.0, noting that OAuth 1.0 depends on signatures while OAuth 2.0 does not.

1. REST API Authentication
Way To Control Access
Presented By Uttom Akash

2. Basics
• Authentication : Who you are
• If failed, should return 401 Unauthorized
• Authorization : What you can do
• If failed, should return 403 Forbidden

3. Authentication Mechanism
• Basic
• Digest
• Bearer
• JWT Bearer
• JWT Bearer with Refresh Token
• OAuth 1.0
• OAuth 2.0

4. Basic Authentication

5. Digest Authentication

6. Bearer Authentication

7. JWT Structure

8. JWT Bearer

9. JWT Bearer With Refresh Token

10. API Key
• Unique identifier used to authenticate a project with the
API rather than a human user
https://blog.restcase.com/content/images/20
19/07/nonref-docs-preso_apikey.png

11. How OAuth Works

12. How OAuth Works

13. How OAuth 1.0 Works

14. OAuth 1.0 Request Flow
https://oauth.net/core/di
agram.png

15. How OAuth 2.0 Works

16. OAuth 1.0 vs OAuth 2.0
• Depend on Signature
• More Computation
• Can be used with or
without HTTPS
• Doesn't depend on
Signature
• Less Computation
• Must Require HTTPS

17. Thank You