Authentication Guide
The Acme API supports multiple authentication methods depending on your use case.
API Keys
The simplest authentication method. Best for server-to-server communication.
curl -X GET "https://api.acme.com/v2/users" \
  -H "Authorization: Bearer sk_live_abc123..."
Key Types
| Type | Prefix | Use Case |
|---|---|---|
| Live | sk_live_ | Production applications |
| Test | sk_test_ | Development and testing |
OAuth 2.0
For applications that act on behalf of users.
curl -X GET "https://api.acme.com/v2/users/me" \
  -H "Authorization: Bearer oauth_token_xyz..."
Security Best Practices
- Never expose keys in client-side code. Use a backend proxy instead.
- Rotate keys regularly by generating new keys periodically.
- Use environment variables rather than hardcoding keys in source code.
- Restrict key permissions to only grant necessary scopes.
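One way to enforce the "no hardcoded keys" practice is a pre-commit or CI check that looks for the key prefixes from the Key Types table. The scanner below is an added example, not part of the Acme documentation or tooling; the key format after the prefix, the `ACME_API_KEY` variable name, and the sample files are assumptions constructed for illustration.

```python
import re

# Prefixes are from the Key Types table. The character set and minimum length
# after the prefix are assumptions; the page does not document the key format.
KEY_RE = re.compile(r"\b(sk_(live|test)_)([A-Za-z0-9]{6,})")

def redact(match):
    """Keep prefix plus two characters: enough to identify the key, not to reuse it."""
    return match.group(1) + match.group(3)[:2] + "******"

def scan(path, text):
    """Return a list of findings, one dict per hardcoded key occurrence."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            live = m.group(2) == "live"
            findings.append({
                "path": path,
                "line": line_no,
                "type": m.group(2),
                # A live key in source means rotate it; a test key is still flagged.
                "severity": "high" if live else "low",
                "excerpt": KEY_RE.sub(redact, line).strip(),
            })
    return findings

def scan_all(files):
    """Scan a {path: text} mapping and return findings, live keys first."""
    found = [f for path, text in files.items() for f in scan(path, text)]
    return sorted(found, key=lambda f: f["severity"] != "high")

# Constructed sample files; the key values are made up for this example.
SAMPLE_FILES = {
    "config_ok.py": 'import os\nAPI_KEY = os.environ["ACME_API_KEY"]\n',
    "client_bad.py": '# quick test\nAPI_KEY = "sk_live_EXAMPLEKEY0001"\n',
    "test_users.py": 'HEADERS = {"Authorization": "Bearer sk_test_EXAMPLEKEY0002"}\n',
}

if __name__ == "__main__":
    results = scan_all(SAMPLE_FILES)
    for f in results:
        print(f'{f["severity"]:4} {f["path"]}:{f["line"]} {f["excerpt"]}')
    # Non-zero exit lets a pre-commit hook or CI job block the change.
    raise SystemExit(1 if any(f["severity"] == "high" for f in results) else 0)
```

Findings carry only a redacted excerpt, so the scanner's own output can be logged without leaking the key a second time.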
Error Responses
Authentication errors return 401 Unauthorized:
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or expired API key"
  }
}