Authentication Overview
Islamic Open Finance™ provides multiple authentication methods to secure your API access.
Authentication Methods
| Method | Use Case | Security Level |
|---|---|---|
| API Keys | Server-to-server | High |
| OAuth 2.0 | User delegation | High |
| JWT Tokens | Session-based | Medium |
Quick Start
API Key Authentication
The simplest way to authenticate:
```bash
curl https://api.islamicopenfinance.com/v1/contracts \
  -H "Authorization: Bearer iof_sk_live_abc123..."
```
OAuth 2.0
For user-delegated access:
```bash
curl https://api.islamicopenfinance.com/oauth2/token \
  -d "grant_type=authorization_code" \
  -d "code=auth_code_here" \
  -d "client_id=your_client_id" \
  -d "client_secret=your_client_secret"
```
Security Best Practices
- Never expose secrets in client-side code
- Rotate API keys regularly
- Use environment variables for credentials
- Implement proper key scoping
- Monitor API usage for anomalies
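
One way to apply the "environment variables" practice to the API key request shown earlier, so the key is neither written into the script nor passed on curl's command line. This is an added example, not code from the Islamic Open Finance documentation; the variable name `IOF_API_KEY`, the function names, and the `iof_sk_` prefix check (inferred from the sample key above) are assumptions.

```shell
#!/usr/bin/env bash
# Added example. IOF_API_KEY is an assumed variable name; the iof_sk_ prefix
# check is inferred from the sample key on this page, not a documented format.

# Emit a curl config (for `curl --config -`) carrying the Authorization header.
# Fails without printing the key if the variable is missing or malformed.
iof_curl_config() {
  local key="${IOF_API_KEY:-}"
  if [ -z "$key" ]; then
    echo "IOF_API_KEY is not set" >&2
    return 1
  fi
  case "$key" in
    iof_sk_*) ;;
    *) echo "IOF_API_KEY does not look like a secret key" >&2; return 2 ;;
  esac
  # Reject characters that could break out of the quoted config value
  # and smuggle extra curl options into the config.
  case "$key" in
    *[!A-Za-z0-9_]*) echo "IOF_API_KEY contains unexpected characters" >&2; return 3 ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$key"
}

# Call the contracts endpoint. The header reaches curl over stdin, so the key
# does not appear in curl's argument list or in the script itself.
iof_get_contracts() {
  local cfg
  cfg="$(iof_curl_config)" || return $?
  printf '%s\n' "$cfg" | curl --silent --show-error --fail --config - \
    https://api.islamicopenfinance.com/v1/contracts
}
```

Set `IOF_API_KEY` from your secret store or deployment environment before calling `iof_get_contracts`, rather than exporting it in a committed file.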
Next Steps
- API Keys - Generate and manage API keys
- OAuth 2.0 - Implement OAuth flows
- Webhooks Security - Secure webhook endpoints