Net API Documentation

Authentication

This section details the authentication mechanisms used by the Net API. Secure access to our resources is paramount, and we employ industry-standard methods to ensure the integrity and confidentiality of your data.

API Key Authentication

The primary method for authenticating with the Net API is through API keys. Each request must include a valid API key, which is provided to you upon registration.

How to Authenticate

Your API key should be included in the Authorization header of your HTTP requests. The format is as follows:

Authorization: Bearer YOUR_API_KEY

Replace YOUR_API_KEY with your actual API key.

Example Request (cURL)

curl -X GET \
  'https://api.example.com/v1/users' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json'

Token-Based Authentication (OAuth 2.0)

For more complex authorization scenarios, we support token-based authentication using OAuth 2.0. This method is typically used for delegated access and user authorization.

Flow Overview

The process involves obtaining an access token through an authorization server and then using this token to make requests to the API. The specific OAuth 2.0 flow (e.g., Authorization Code, Client Credentials) depends on your application's requirements.

Obtaining an Access Token

To obtain an access token, you will typically perform a POST request to our token endpoint:

POST /oauth/token

The request body will contain parameters such as grant_type, client_id, client_secret, and potentially others depending on the chosen grant type.

Using an Access Token

Once you have obtained an access token, it should be included in the Authorization header of your API requests:

Authorization: Bearer YOUR_ACCESS_TOKEN

Token Expiration and Refresh

Access tokens have a limited lifespan. When a token expires, you will receive an error response. You can obtain a new access token using a refresh token, which is typically provided when the initial access token is issued.

Authentication Errors

If your authentication credentials are invalid or missing, you will receive an HTTP status code 401 Unauthorized. The response body may contain more specific error details:

Common Error Responses

• 401 Invalid Credentials: The provided API key or token is incorrect or has expired.
• 401 Missing Authorization Header: The Authorization header was not included in the request.

Example Error Response

{
  "error": {
    "code": "UNAUTHENTICATED",
    "message": "Authentication failed. Please check your API key or token."
  }
}

Security Best Practices

• Never expose your API keys or secrets in client-side code (e.g., JavaScript running in a browser).
• Store API keys and secrets securely on your server.
• Use HTTPS for all API requests to encrypt traffic.
• Rotate your API keys regularly.
• Implement rate limiting on your end to prevent abuse and protect your API keys.