API Authentication
API keys, JWT Bearer tokens, and OAuth 2.0 — choose the right auth method for your API use case.
API Authentication Methods
# API Keys
Authorization: ApiKey sk-live-abc123
# Bearer Token (JWT)
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9...
# OAuth 2.0 flows:
# Authorization Code -- user-facing apps
# Client Credentials -- machine-to-machine
# JWT payload
{
  "sub": "user-123",
  "email": "alice@example.com",
  "exp": 1735689600
}
# Never put sensitive data in a JWT -- the payload is base64-encoded, not encrypted
# Short expiry: 15 min access token + 7 day refresh token
Topic Quiz · 1 question
Test your understanding before moving on
1. What type of token does Bearer authentication use?
💡 Bearer tokens — typically JWTs or opaque OAuth tokens — are sent in the Authorization header.