API Authentication Modes Basics
Pick and implement API auth methods
This guide describes common API authentication methods, when to use each, how to transmit credentials safely, and how to rotate and revoke access.
- api auth
- oauth
- api keys
- mtls
- security
Choose a mode
Use API keys for server-to-server simplicity, OAuth for delegated user access, and mTLS for high-trust B2B links.
Protect secrets
Send credentials over HTTPS, keep them out of logs, and store keys/tokens in a vault.
Rotate and revoke
Issue short-lived tokens where possible; provide fast revocation and regeneration paths.
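A sketch of short-lived tokens with fast revocation and regeneration, added here as an illustration and not taken from this guide or any specific product. The `TokenService` class, its method names and the 300-second default lifetime are assumptions, and the in-memory dictionaries stand in for a vault and a shared revocation store.

```python
import base64, hashlib, hmac, json, secrets, time

class TokenService:
    """Added example (hypothetical names): short-lived HMAC-signed tokens."""
    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self.keys = {}        # kid -> signing key; keep these in a vault in production
        self.revoked = set()  # ids (jti) of tokens revoked before their expiry
        self.rotate_key()

    def rotate_key(self, retire_old=False):
        """Add a new signing key; retire_old=True invalidates every outstanding token."""
        if retire_old:
            self.keys.clear()
        self.current_kid = secrets.token_hex(4)
        self.keys[self.current_kid] = secrets.token_bytes(32)

    def _mac(self, kid, payload):
        digest = hmac.new(self.keys[kid], payload, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(digest)

    def issue(self, subject, now=None):
        now = time.time() if now is None else now
        claims = {"sub": subject, "exp": now + self.ttl,
                  "jti": secrets.token_hex(8), "kid": self.current_kid}
        payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return (payload + b"." + self._mac(self.current_kid, payload)).decode()

    def verify(self, token, now=None):
        """Return the claims if the token is authentic, unexpired and not revoked."""
        now = time.time() if now is None else now
        try:
            payload, mac = token.encode().split(b".")
            claims = json.loads(base64.urlsafe_b64decode(payload))
            if claims["kid"] not in self.keys:
                return None  # signed with a retired or unknown key
            if not hmac.compare_digest(mac, self._mac(claims["kid"], payload)):
                return None  # forged or tampered
            if claims["exp"] <= now or claims["jti"] in self.revoked:
                return None
            return claims
        except (ValueError, KeyError, TypeError):
            return None  # malformed token

    def revoke(self, token):
        """Revoke one token immediately; only authentic tokens are recorded."""
        claims = self.verify(token)
        if claims:
            self.revoked.add(claims["jti"])
        return claims is not None
```

Revoked ids only need to be kept until the token's own expiry, which is why a short lifetime keeps the revocation list small.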
Document usage
Publish examples and required headers; state rate limits and error codes.