Skip to content

Authentication

Security is one of the main features of building an API. With APICHAP you are able to integrate your authentication protocols into your API.

We currently support 3 Authentification methods - OAuth2.0 (Resource Server) - APIKey - Basic Auth (unsupported with the MCP Protocol)

Run without Authentication

Due to security reasons the authentications key must also be present if you are not using any authentication. 

authentications: {}

OAUth2.0

OAuth2.0 is a widely-used industry-standard protocol for authorization. APICHAP allows you to configure your API as a resource server that validates access tokens against a specified issuer.

You must provide the issuer URL of your OAuth provider and optionally specify the required scopes for accessing your API resources.

authentications:
  NAME_OF_YOUR_AUTH:
    type: oauth2
    issuerURL: https://link.to.your.oauth.provider
    scopes: 
      - email
      - profile

APIKey

API Key authentication allows you to secure your API with a simple token-based approach. You can provide the API key directly in the configuration or, preferably, store it in an environment variable for improved security.

authentications:
  NAME_OF_YOUR_AUTH:
    type: apikey
    apiKey: ${ENV(secret_value}

Basic Auth

Basic Authentication secures your API by requiring a predefined username and password combination. While simple, it is less secure than OAuth2.0 and APIKey and is not recommended for use in production environments without HTTPS.

authentications:
  NAME_OF_YOUR_AUTH:
    type: basicauth
    user: default
    password: generatedpwd