BellaDati uses the OAuth protocol to ensure only authorized users may access the API.

    Authentication

    OAuth uses a three-step handshake to authenticate users to the system. If a 3rd-party client application is accessing the API on the user's behalf, the OAuth protocol allows users to log in directly with Belladati without having to trust the client application with their credentials.

    1. Client application gets a request token from BellaDati.
    2. User authorizes the request token with BellaDati using their web browser.
    3. Client application exchanges authorized request token for an access token.

    Authorization

    When a client application is making a request to the BellaDati API, it needs to prove that it has been authorized by a valid user. To do this, it includes the access token received during the authentication process in every API request. BellaDati verifies the token's validity before returning any data to the client application.

    Request Integrity

    When writing data to the API, client applications may want to ensure their API requests reach the server in the exact way they were issued, e.g. because the client is running in an untrusted network environment. To prevent tampering, the client can attach an OAuth signature to their request, allowing the server to verify that the content of the message hasn't been modified.

    Next Steps

    • No labels