Security api-auth critical

API Authentication Patterns

API authentication patterns covering API keys, JWT, OAuth 2.0, session management, and production security best practices.

Difficulty: intermediate
Read time: 1 min read
Version: v1.0.0
Confidence: established

Quick Reference

API Auth: API keys for server-to-server. JWT for stateless (short expiry, refresh tokens). OAuth 2.0 for third-party. Store tokens securely (httpOnly cookies). Validate on every request. Use HTTPS only. Rotate keys regularly. Log auth failures. Rate limit auth endpoints.

Use When

  • API security
  • User authentication
  • Third-party integrations
  • Microservices auth

Skip When

  • Public read-only APIs
  • Internal-only services
  • Static content

Tags

authentication api security jwt oauth
