What is Authentication?
The Asset Panda API uses API tokens to authenticate requests. It's okay if you are asking, "What is this?" and "Why?"
You see, when an API endpoint offers its services to a user via HTTP, it is said to be exposed. Exposure can result in the flow of traffic in or out of the API endpoints, to include potentially malicious traffic. API authentication protects both users and API developers from data loss, service outages, or other weird stuff. It also provides some really good information such as allowing developers to know what endpoints are most trafficked, along with users who are making numerous requests.
How does it work?
Well, API authentication is about tokens (also referred to as keys). Speaking of keys, think about it this way; you ask for the key to tour a new house and the owner gives you one. Authentication kind of works the same. (Although, you won't likely be touring a house in this instance.) Your token (key) is a long, unique string of numbers and letters. Once you have an API token, we let you into the house. In other words, you are allowed to use the API, but that's not all. The owner of the API also knows who you are and what you are doing while visiting their house (API).
How does Asset Panda authenticate?
Asset Panda authenticates via JWT, which stands for JSON Web Tokens. JWT access tokens conform to the JWT standard and contain information about an entity in the form of claims. This token-based authentication not only communicates with REST endpoints, but does so in a secure way. These tokens are also self-contained, which means that it's not necessary for the recipient to call a server to validate the token.
Bearer Token
Something to note is that you'll be using a Bearer token within the authorization header. This is important because Bearer distinguishes the type of authorization you're using.
Let's say our token is 1A1A1A (not a real token of course, only an example).
You'd enter Bearer 1A1A1A within the Authorization field (check out the example shown below).
