Authentication

The OLI API supports two authentication methods: Bearer Tokens and API Keys. Each serves distinct purposes and is suited for different use cases. This summary provides an overview of both methods, highlighting their advantages and best practices.

Bearer Tokens

Overview

Bearer tokens are short-lived credentials obtained through authentication using a username and password. They are required to access API endpoints and are used to generate API keys.

Key Characteristics

  • Authentication Flow: Requires a username, password, and client credentials to obtain the token.

  • Time-Limited: Typically valid for 24 hours.

  • Usage: Ideal for manual or interactive sessions where a user logs in to perform actions.

  • Rate-Limited: The token generation process is subject to rate limits, ensuring fair usage and preventing abuse.


API Keys

Overview

API keys are long-lived credentials generated by authenticated users. They are designed for automated scenarios, such as scheduled tasks or system-to-system communication.

Key Characteristics

  • Generated Using Bearer Tokens: API keys are created via a dedicated endpoint after bearer token authentication.

  • Time-Limited: Can have custom expiration dates to control their validity period.

  • Flexible: Can be named for easy identification and managed (listed or deleted) through the API.

  • Usage: Ideal for automated processes to reduce the need for frequent authentication.


Why Use API Keys for Automation?

  • Reduced Transaction Overhead:

    • Eliminates the need to repeatedly authenticate via bearer token, reducing login-related delays.

  • Rate Limitation Avoidance:

    • Avoids frequent login attempts that are subject to rate limits, making it more suitable for high-frequency operations.

  • Custom Expiry:

    • API keys can be configured with specific expiration dates to control access duration.

  • Scalability:

    • Simplifies integration with applications that need persistent, secure access to the API.


Best Practices for Using API Keys

  1. Set Expiry Dates:

    • Use a reasonable expiration period to limit the exposure of compromised keys.

  2. Limit Active Keys:

    • Each user can have up to 5 active keys. Regularly review and delete unused keys.

  3. Secure Storage:

    • Store API keys securely. They are displayed only once during generation.

  4. Rotate Keys Periodically:

    • Regularly replace keys to maintain security and minimize risk.
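
The practices above can be checked mechanically against a user's key inventory. The following is an added example, not part of the OLI API or its documentation: the record fields (name, created, expires), the 90-day and 60-day thresholds, and the sample data are assumptions, since this page does not describe the key-listing response format.

```python
from datetime import datetime, timedelta, timezone

MAX_ACTIVE_KEYS = 5                  # per-user limit stated on this page
MAX_LIFETIME = timedelta(days=90)    # assumed local policy, not an OLI value
ROTATE_AFTER = timedelta(days=60)    # assumed local policy, not an OLI value

def audit_keys(keys, now):
    """Return (key_name, finding) pairs; the key record fields are hypothetical."""
    findings, active_count = [], 0
    for k in keys:
        name = k["name"] or "<unnamed>"
        active = k["expires"] is None or k["expires"] > now
        active_count += active
        if not k["name"]:
            findings.append((name, "unnamed"))
        if k["expires"] is None:
            findings.append((name, "no expiry"))
        elif not active:
            findings.append((name, "expired, still listed"))
        elif k["expires"] - k["created"] > MAX_LIFETIME:
            findings.append((name, "lifetime over policy"))
        if active and now - k["created"] > ROTATE_AFTER:
            findings.append((name, "rotation due"))
    if active_count >= MAX_ACTIVE_KEYS:
        # No free slot left to create a replacement before deleting an old key.
        findings.append(("*", "at active-key limit"))
    return findings

# Constructed sample inventory (not real OLI data).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

def key(name, created_days_ago, expires_in_days):
    expires = None if expires_in_days is None else NOW + timedelta(days=expires_in_days)
    return {"name": name, "created": NOW - timedelta(days=created_days_ago), "expires": expires}

SAMPLE_KEYS = [
    key("nightly-export", 10, 50),    # clean
    key("legacy-sync", 200, None),    # no expiry, rotation due
    key("", 5, 25),                   # unnamed
    key("old-report", 120, -30),      # expired
    key("year-long", 70, 295),        # lifetime over policy, rotation due
]

if __name__ == "__main__":
    for name, finding in audit_keys(SAMPLE_KEYS, NOW):
        print(f"{name}: {finding}")
```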


When to Use Which?

  • Bearer Tokens:

    • Best for interactive sessions or when initial authentication is required (e.g., generating API keys).

  • API Keys:

    • Best for automated systems or when long-term access without frequent authentication is required.

By combining bearer tokens for initial authentication and API keys for ongoing automated operations, you can optimize security and performance while adhering to best practices.

