How do the authentication and authorisation of API endpoints work (e.g., API keys, OAuth, etc.)?

Updated 

  • At Teya, we use the OAuth 2.0 protocol for authentication, which is a widely adopted industry-standard protocol for secure authorization. The OAuth 2.0 protocol enables client applications to access protected resources on behalf of a resource owner, such as a user or device.

    To use OAuth 2.0 with our APIs, you will need to obtain a client ID and client secret, which are unique identifiers for your application. These are used to authenticate your application when it requests access to a protected resource. Once authenticated, your application will receive an access token, which is used to authorize API calls. Access tokens have a limited lifespan, and you will need to periodically refresh them to continue accessing protected resources.

    For user-authenticated or device code flow applications, we provide support for the OAuth 2.0 user authentication flow. This involves redirecting the user to a Teya authentication page, where they will be prompted to grant your application access to their Teya account. Once the user has granted access, your application will receive an access token that can be used to access protected resources on behalf of the user.