The three most common API authentication methods

As you begin working with third-party APIs, you’ll run into a variety of API authentication methods. The three most common methods to perform authenticated requests with an API are:

  1. Basic authentication: You send your username/password alongside every API call
  2. API Key: The service creates a unique key for your account and you pass it alongside every request
  3. OAuth: A user clicks on a sign-in button, grants permission, and your app can authenticate each request with an access_token

Each method has its own pros/cons.

  • Basic is very easy to implement, but would you give your Google account password to someone? (You shouldn’t!)
  • API Key is just as easy to implement, both for the API provider and the developer. But have you ever tried to ask a non-techie to give you their API key?
  • OAuth (especially OAuth 2.0) is the best in terms of user experience. Your users click on a button and that’s it. But for developers, implementing an OAuth dance can be tricky!
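To make the trade-off concrete, here is what each method actually puts in the request, and what anyone who reads that request gets back out. This is an added example, not code from the original article; the `X-API-Key` header name and all credential values are assumptions made up for illustration.

```python
import base64

API_KEY_HEADER = "X-API-Key"  # assumed name; providers choose their own

def basic_auth_header(username, password):
    # RFC 7617: base64("username:password"). This is encoding, not encryption.
    raw = f"{username}:{password}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}

def api_key_header(key):
    return {API_KEY_HEADER: key}

def oauth_bearer_header(access_token):
    # RFC 6750 bearer usage: the token stands in for the user's password.
    return {"Authorization": "Bearer " + access_token}

def what_receiver_learns(headers):
    """Return the credential anyone who reads these headers can recover."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            return {"method": "basic", "error": "malformed"}
        # Split on the first colon only: passwords may contain ':'.
        user, sep, password = decoded.partition(":")
        if not sep:
            return {"method": "basic", "error": "malformed"}
        return {"method": "basic", "username": user, "password": password}
    if scheme.lower() == "bearer" and value:
        return {"method": "oauth", "access_token": value}
    for name, val in headers.items():
        if name.lower() == API_KEY_HEADER.lower():
            return {"method": "api_key", "key": val}
    return {"method": "none"}

if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    samples = (
        basic_auth_header("alice", "s3cr:t"),
        api_key_header("k_constructed_123"),
        oauth_bearer_header("tok_constructed_abc"),
    )
    for h in samples:
        print(h, "->", what_receiver_learns(h))
```

With Basic, the receiver recovers the account password itself on every call; with an API key or an OAuth access_token, it only sees a value the service can revoke without changing that password.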
