Glossary: Authentication
Authentication is the process of verifying the identity of a client, such as an end user, application, or device. It answers the question "Who are you?"
These are the most common ways a client can authenticate itself with an API:
- API key: The client provides an API key — a simple text string — as proof of its identity.
- API key + secret: This is a more secure variant of API key authentication, where the client provides both an API key and a secret to authenticate itself. Like the API key, the secret is also a text string, but it is known only to the client. The API applies some transformation to the secret — usually hashing — in order to confirm that it is valid.
- OpenID Connect (OIDC): An authentication protocol built on the OAuth 2 authorization protocol and used in conjunction with it. In OIDC, the client sends credentials to an OAuth 2 authorization server to confirm its identity. If successful, the authorization server sends the client an ID token, which acts as proof that the client has been authenticated.
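
An added example (not part of the original glossary or any particular API's code) of the server side of the API key + secret scheme described above: the API stores only a salted hash of the secret, then hashes the presented secret and compares the two in constant time. The function names, the in-memory `STORE` and the `key_` prefix are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory credential store: api_key -> (salt, digest of secret).
# The plaintext secret is never stored server-side.
STORE: dict[str, tuple[bytes, bytes]] = {}
_DUMMY_SALT = secrets.token_bytes(16)


def _digest(salt: bytes, secret: str) -> bytes:
    # Salted HMAC-SHA256. Assumes the secret is a high-entropy random string
    # from issue_credentials(); a human-chosen secret would need a slow KDF.
    return hmac.new(salt, secret.encode("utf-8"), hashlib.sha256).digest()


def issue_credentials() -> tuple[str, str]:
    """Create a key/secret pair; hand both to the client once, keep only the hash."""
    api_key = "key_" + secrets.token_hex(8)
    secret = secrets.token_urlsafe(32)
    salt = secrets.token_bytes(16)
    STORE[api_key] = (salt, _digest(salt, secret))
    return api_key, secret


def verify(api_key: str, secret: str) -> bool:
    """Return True only if the presented secret hashes to the stored digest."""
    record = STORE.get(api_key)
    if record is None:
        # Unknown key: still compute a digest so response time does not
        # reveal which keys exist.
        _digest(_DUMMY_SALT, secret)
        return False
    salt, expected = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_digest(salt, secret), expected)


if __name__ == "__main__":
    key, secret = issue_credentials()
    print(verify(key, secret))
    print(verify(key, secret + "x"))
    print(verify("key_unknown", secret))
```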