Authentication Overview
Islamic Open Finance™ provides multiple authentication methods to secure your API access.
Authentication Methods
| Method | Use Case | Security Level |
|---|---|---|
| API Keys | Server-to-server | High |
| OAuth 2.0 | User delegation | High |
| JWT Tokens | Session-based | Medium |
Authorization
Authorization is handled by Cerbos, providing:
- ABAC (Attribute-Based Access Control) - Decisions based on attributes
- RBAC (Role-Based Access Control) - Decisions based on roles
- Policy-as-Code - Authorization rules defined in YAML
- Service & Embedded PDPs - Flexible deployment options
Quick Start
API Key Authentication
The simplest way to authenticate:
```bash
curl https://api.islamicopenfinance.com/api/v1/contracts \
  -H "Authorization: Bearer iof_sk_live_abc123..."
```
OAuth 2.0
For user-delegated access:
```bash
curl https://api.islamicopenfinance.com/oauth2/token \
  -d "grant_type=authorization_code" \
  -d "code=auth_code_here" \
  -d "client_id=your_client_id" \
  -d "client_secret=your_client_secret"
```
Security Best Practices
- Never expose secrets in client-side code
- Rotate API keys regularly
- Use environment variables for credentials
- Implement proper key scoping
- Monitor API usage for anomalies
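The sketch below is an added example, not code from Islamic Open Finance. It applies two of the practices above to the API key flow: the server reads the key from the environment and redacts it before logging, and a pre-deploy check flags any `iof_sk_live_` key hardcoded in shipped files. The variable name `IOF_API_KEY`, the key character set after the prefix, and the sample file names are assumptions.

```python
import os
import re
import urllib.request

API_BASE = "https://api.islamicopenfinance.com/api/v1"  # host and path from the quick start
ENV_VAR = "IOF_API_KEY"  # hypothetical variable name, not defined by the page
# Assumption: key material after the documented "iof_sk_live_" prefix is [A-Za-z0-9_].
KEY_PATTERN = re.compile(r"iof_sk_live_[A-Za-z0-9_]+")

def load_api_key(env=os.environ):
    """Return the secret key from the environment; fail closed if absent or malformed."""
    key = env.get(ENV_VAR, "").strip()
    if not KEY_PATTERN.fullmatch(key):
        raise RuntimeError(f"{ENV_VAR} is unset or is not an iof_sk_live_ key")
    return key

def redact(text):
    """Mask any secret key in text that is headed for logs or error reports."""
    return KEY_PATTERN.sub("iof_sk_live_[REDACTED]", text)

def build_request(path, env=os.environ):
    """Build (without sending) a server-side request carrying the Bearer key."""
    req = urllib.request.Request(f"{API_BASE}/{path.lstrip('/')}")
    req.add_header("Authorization", f"Bearer {load_api_key(env)}")
    return req

def find_hardcoded_keys(files):
    """Return (file name, line number) for every line that embeds a secret key."""
    hits = []
    for name, content in files.items():
        for lineno, line in enumerate(content.splitlines(), 1):
            if KEY_PATTERN.search(line):
                hits.append((name, lineno))
    return hits

# Constructed sample input: a browser bundle that leaks a key, and a server file that does not.
SAMPLE_FILES = {
    "static/app.js": 'const h = {Authorization: "Bearer iof_sk_live_EXAMPLEONLY123"};\n',
    "server/client.py": 'key = os.environ["IOF_API_KEY"]\n',
}

if __name__ == "__main__":
    print("hardcoded keys:", find_hardcoded_keys(SAMPLE_FILES))
    req = build_request("contracts", {ENV_VAR: "iof_sk_live_EXAMPLEONLY123"})
    print("request:", req.full_url, redact(str(req.header_items())))
```

Running `find_hardcoded_keys` over build output in CI catches a key before it reaches client-side code, and routing log messages through `redact` keeps the key out of logs.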
Next Steps
- API Keys - Generate and manage API keys
- OAuth 2.0 - Implement OAuth flows
- Authorization (Cerbos) - Policy-based access control
- Webhooks Security - Secure webhook endpoints