← Back to Glossary

What is API Authentication?

by Iwan Price-Evans on Security • June 8, 2022

API authentication is an important part of API security for any application that uses APIs. It allows developers to verify that requests come from authorized sources.

In order to authenticate users, APIs require some form of user identification. There are two main types of authentication: username/password or token-based.

Username/Password-Based Authentication

A common type of API authentication is username/password-based. This method requires a user to provide a username and password when making a request. If the credentials are valid, then the request will succeed.

Token-Based Authentication

Another popular type of API authentication is token-based. With this method, an access token is generated by the server and sent back to the client. The client stores this token locally and uses it to make requests.

OAuth 2.0 is a popular example of token-based authentication for APIs.