Introduction
API authentication is a crucial aspect of secure and reliable communication between applications and the DRIVR APIs. In order to protect sensitive data and ensure that only authorized users or systems can access an API, robust authentication mechanisms are in place.
Before proceeding with the authentication documentation, it is essential to sign up and create a Domain
(your own DRIVR environment) within the DRIVR Customer Portal.
The signup process involves creating an account and providing necessary information such as email address, username, and password. Once you have successfully signed up, you can proceed to create a Domain
, which serves as the unique identifier within the API ecosystem. Creating a Domain
enables you to manage your API resources, configure authentication settings, and access the necessary tools and functionalities for implementing authentication methods.
It is important to ensure that the signup and Domain
creation steps are completed before following the instructions provided in this section.
This documentation aims to provide comprehensive guidance on the different types of authentication methods that can be implemented with various API types. It covers the fundamental concepts of API authentication and provides step-by-step instructions on how to set up and configure authentication for different API scenarios.
Throughout this documentation, we will explore the following API authentication types:
- OAuth (Open Authorization): is an industry-standard protocol that enables delegated access to an API on behalf of a user. It allows third-party applications to access API resources without sharing the user's credentials explicitly.
- Token-based Authentication: This authentication method relies on the use of secure tokens to verify the identity of the requester.
- Certificate-Based Authentication: Certificate-based authentication is a highly secure method that utilizes digital certificates to verify the identity of an entity, such as a device or application, accessing the DRIVR MQTT API. Each entity is issued a unique digital certificate containing a public key and other identifying information. The certificate is used as proof of identity and is verified against a trusted certificate authority (CA) to ensure its validity.
In each section, we will provide a high-level overview of the authentication method, its benefits, and considerations for implementation. Additionally, we will offer code examples and best practices to help developers integrate and configure the authentication mechanisms seamlessly.
The guides for DomainAuthenticationMethods and ApplicationConsumers will guide you through all preparations necessary in order to perform authenticated requests against our GraphQL and REST APIs. For insights how device authentication works please have a look at the Certificate-Based Authentication sections.
By the end of this documentation, you will have a solid understanding of different authentication methods available for your APIs and be well-equipped to choose the most appropriate authentication approach for your specific requirements. If you have any questions or need further assistance, feel free to reach out.