We have upgraded our REST API to a more secure authentication method, which uses a short-lived token to send messages. This transition enhances security by reducing the risks associated with exposing sensitive credentials.
Why the Change?
Previously, all our RESTful APIs relied on the HTTP Basic Authentication scheme. In this approach, a username and password were submitted with every request.
The New Token-Based Authentication
From time to time, we upgrade our API to ensure it stays up-to-date with the latest standards and provides enhanced security for our users. As part of this ongoing effort, we have introduced a new token-based authentication method.
This upgrade reflects our commitment to improving the security and usability of our API. By adopting modern authentication practices, we aim to provide a seamless and secure experience for developers while safeguarding sensitive information
Here’s how the new system works:
- Token Generation: You must first authenticate with the API to generate a token.
- Short-Lived Token: The token is valid for one hour, during which it can be reused for multiple API requests. This approach limits the exposure of sensitive information and ensures a secure, time-bound access mechanism.
- Bearer Token Usage: The token should be included in the request header as a Bearer token.
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiOiIxZjg0ZjM1Zi02NzY0LTRjYWMtOGI2OC1mNWNiMTE2NGMwZDQiLCJhbGciOiJIUzI1NiJ9.eyJqdGkiOiI3ZDVmYjJjYS1iZTNjLTQxY2EtOTk0ZC0xNWZkMWEyMWMyZTkiLCJpc3MiOiJHRU5JUSIsInN1YiI6IjEiLCJpYXQiOjE3MzM5MDEyODYsIm5iZiI6MTczMzkwMTI4NiwiZXhwIjoxNzMzOTA0ODg2fQ.rUAB9fR2R__7dIK74TNasCtPov-Zrx_E-L-qaCjgOfoThis upgrade ensures that our API remains aligned with the latest security practices and offers a better user experience. The short-lived token minimizes potential security risks by restricting access to a limited time frame. Additionally, this modern authentication method is well-suited for stateless REST APIs, making it scalable and efficient.
For more information, please refer to this link.