API Authentication Guide
Learn how to authenticate with the Acme API.
Authentication Methods
1. API Keys (Recommended for Server-to-Server)
Generate an API key:
- Go to Settings > API
- Click "Create New API Key"
- Set permissions and expiry
- Copy key immediately
Making Requests
curl -X GET "https://api.acmecorp.io/v1/projects" \
-H "Authorization: Bearer YOUR_API_KEY"
2. OAuth 2.0 (For User Applications)
Authorization Flow
GET https://acmecorp.io/oauth/authorize?
client_id=YOUR_CLIENT_ID&
redirect_uri=YOUR_REDIRECT_URI&
response_type=code&
scope=read%20write
Exchange Code for Token
POST https://api.acmecorp.io/oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
code=AUTHORIZATION_CODE&
client_id=YOUR_CLIENT_ID&
client_secret=YOUR_CLIENT_SECRET
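The two OAuth steps above, sketched as an added Python example (not Acme's own code). It assumes the authorization endpoint accepts a `state` parameter and echoes it back on the redirect, as RFC 6749 describes; the guide does not list `state`, and the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://acmecorp.io/oauth/authorize"  # from the guide
TOKEN_URL = "https://api.acmecorp.io/oauth/token"      # from the guide

def build_authorize_url(client_id, redirect_uri, scopes):
    """Return (url, state). Keep state in the user's session before redirecting."""
    state = secrets.token_urlsafe(32)  # assumption: the server echoes `state` back
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),  # urlencode emits the space as '+'
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Extract the authorization code; reject callbacks whose state does not match."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    # Constant-time comparison of the echoed state with the stored one.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]

def build_token_request(code, client_id, client_secret):
    """Return (url, headers, body) for the server-side code-for-token exchange."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,  # read from a secret store, never client code
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, body
```

The token request is built but not sent, so the example runs offline; pass the returned tuple to the HTTP client of your choice from server-side code only.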
Rate Limits
| Plan | Requests/Hour |
|------|---------------|
| Starter | 100 |
| Professional | 1,000 |
| Enterprise | 10,000 |
Error Codes
| Code | Description |
|------|-------------|
| 401 | Invalid or expired token |
| 403 | Insufficient permissions |
| 429 | Rate limit exceeded |
Security Best Practices
- Never expose API keys in client code
- Rotate keys every 90 days
- Use minimum required permissions
- Monitor API usage regularly