Authentication

Updated 3/5/2024

API authentication methods and security

API Authentication

FlintRow APIs use industry-standard authentication methods to ensure secure access to our services. This guide explains the authentication methods available and how to implement them.

Authentication Methods

We support the following authentication methods:

  • API Keys: Simple key-based authentication for server-to-server communication
  • OAuth 2.0: Token-based authentication for secure user authorization
  • JWT (JSON Web Tokens): Compact, self-contained tokens for information transmission
  • Basic Authentication: Username/password authentication (only recommended for development)

API Keys

API keys are the simplest authentication method and are suitable for server-to-server communication.

Obtaining an API Key

To obtain an API key:

  1. Log in to your FlintRow account
  2. Navigate to the API section in your dashboard
  3. Click "Generate API Key"
  4. Store your API key securely; it will only be shown once

Using API Keys

Include your API key in the request header:

curl -X GET "https://api.flintrow.com/v1/resources" \
  -H "X-API-Key: your_api_key_here"

OAuth 2.0

OAuth 2.0 is our recommended authentication method for applications that need to access user data.

OAuth 2.0 Flow

Our OAuth 2.0 implementation follows the standard authorization code flow:

  1. Redirect the user to our authorization endpoint
  2. User authenticates and grants permissions
  3. User is redirected back to your application with an authorization code
  4. Exchange the authorization code for an access token
  5. Use the access token to make API requests

OAuth 2.0 Endpoints

  • Authorization Endpoint: https://auth.flintrow.com/oauth/authorize
  • Token Endpoint: https://auth.flintrow.com/oauth/token
  • Revocation Endpoint: https://auth.flintrow.com/oauth/revoke

JWT Authentication

JSON Web Tokens (JWT) are used for stateless authentication and information exchange.

JWT Structure

A JWT consists of three parts:

  1. Header: Contains the token type and signing algorithm
  2. Payload: Contains the claims or assertions about the user
  3. Signature: Verifies the token hasn't been tampered with

Using JWT

Include the JWT in the Authorization header:

curl -X GET "https://api.flintrow.com/v1/resources" \
  -H "Authorization: Bearer your_jwt_token_here"

Security Best Practices

Follow these best practices to ensure secure API usage:

  • Never expose API keys or tokens in client-side code
  • Use HTTPS for all API requests
  • Implement token refresh mechanisms for long-lived applications
  • Revoke tokens when they're no longer needed
  • Use the principle of least privilege when requesting scopes