OAuth is a standard authorization protocol that allows a third-party application to access a user's resources without knowing their credentials, using access tokens.
What is OAuth?
OAuth (Open Authorization) is an open authorization protocol that allows an application to access a user's data on another service, without the user having to share their password. It's the standard used by Google, Facebook, GitHub and most major platforms.
How does OAuth 2.0 work?
- Authorization request: The application redirects the user to the service to authorize access
- Authorization code: The service returns a temporary code to the application
- Access token: The application exchanges the code for an access token
- API calls: The token is used to authenticate API requests
OAuth vs API Key
- API Key: Simple, suited for server-to-server integrations
- OAuth: More complex, suited when users need to authorize access to their data
OAuth and AILabsAudit
AILabsAudit currently uses API key authentication (simpler for B2B integrations). API keys provide an appropriate security level for the platform's use cases, while remaining simple to implement.