Overview

BaaSiC requires API keys to authenticate all API calls. Before proceeding with the methods, it is strongly recommended that you review the 'Getting Started' guide (insert link) to ensure you are familiar with the initial setup.

Authentication is handled through the OAuth protocol. After you obtain a token, include it in the header of each API request. First, some background you should be aware of:

Understanding OAuth

OAuth (Open Authorization) is an open standard for access delegation, widely used to grant websites or applications limited access to a user's data without exposing login credentials. Instead of sharing passwords, OAuth utilizes tokens to authenticate and authorize access.

Various types of tokens can be employed for this purpose, such as JWTs, opaque tokens, and SAML tokens. In our case, we use JWTs for authentication.

For more information about OAuth, we recommend visiting this link.

Understanding JWT

JWT (JSON Web Token) is a compact, URL-safe token format used to securely transmit information between parties as a JSON object. It is commonly used for authentication and authorization.

A JWT consists of three parts: a header (specifies the token type and signing algorithm), a payload (contains claims or data), and a signature (verifies the token's integrity). Since it is self-contained, the token can be verified without needing to access a central server, making it efficient for stateless authentication.

For more information about JWT, we recommend visiting this link.