# Airnode Authentication
API providers can instruct Airnode to authenticate requests to their endpoints. This is done by setting up a security scheme in the config.json file for their Airnode. Airnode supports three methods of authentication from the OpenAPI specification.
OpenAPI (opens new window) uses the term security scheme for authentication and authorization schemes. Airnode only uses standard OAS defined authentication schemes to identify itself to API endpoints. Airnode supports two types of authentication, http
and apiKey
.
- HTTP authentication schemes (using the
Authorization
header) supported by Airnode: - API key (opens new window) in the request header, cookie in header or query string
How Airnode sends the authentication data is explained in the sections Basic, Bearer and API Key below.
# Basic
Basic authentication is a simple authentication scheme built into the HTTP protocol. The Authorization request header contains the Base64-encoded username and password, separated by a colon. When handling the request, the server decodes the login details and checks if the user can access the requested content.
The header field is in the form of Authorization: Basic <credentials>
where credentials
is the Base64 encoding of a username and password joined by a single colon (airnode:airnode-password
).
Authorization: Basic <credentials>
curl -H "Authorization: Basic YW5kZXJzb25AZ21haWwuY29tOjEyM215cGFzc3dvcmQ=" \
-X GET https://mydao.com?token=API3
2
# Bearer
Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The API provider supplies a token used by Airnode to authenticate itself to API endpoints.
The header field is in the form of Authorization: Bearer <token>
.
curl -H "Authorization: Bearer RZ8Y65TG" \
-X GET https://mydao.com?token=API3
2
# API Key
Some APIs use an apiKey
for authorization. The API provider supplies an apiKey
used by Airnode to authenticate itself to API endpoints. Airnode can send the apiKey
three ways.
# In the query string.
curl -X GET https://mydao.com?api_key=abcdef12345&token=API3
# In the request header.
curl -H "X-API-KEY: abcdef12345" \
-X GET https://mydao.com?token=API3
# As a cookie in the request header.
curl -H "Cookie: X-API-KEY:abcdef12345" \
-X GET https://mydao.com?token=API3
2
3
4
5
6
7
8
9
10
← Authorizer Requester →