Edit Article

Update your article content and settings

Back to articles

Title *

URL Slug

/article/

Content (Markdown)

# API Authentication Guide

Learn how to authenticate with the Acme API.

## Authentication Methods

### 1. API Keys (Recommended for Server-to-Server)

Generate an API key:
1. Go to **Settings > API**
2. Click "Create New API Key"
3. Set permissions and expiry
4. Copy key immediately

### Making Requests

```bash
curl -X GET "https://api.acmecorp.io/v1/projects" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

### 2. OAuth 2.0 (For User Applications)

#### Authorization Flow

```
GET https://acmecorp.io/oauth/authorize?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_REDIRECT_URI&
  response_type=code&
  scope=read write
```

#### Exchange Code for Token

```bash
POST https://api.acmecorp.io/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
code=AUTHORIZATION_CODE&
client_id=YOUR_CLIENT_ID&
client_secret=YOUR_CLIENT_SECRET
```

## Rate Limits

| Plan | Requests/Hour |
|------|---------------|
| Starter | 100 |
| Professional | 1,000 |
| Enterprise | 10,000 |

## Error Codes

| Code | Description |
|------|-------------|
| 401 | Invalid or expired token |
| 403 | Insufficient permissions |
| 429 | Rate limit exceeded |

## Security Best Practices

- Never expose API keys in client code
- Rotate keys every 90 days
- Use minimum required permissions
- Monitor API usage regularly

Excerpt (optional)

Publish

Status

published

View live article