Slide 29
Slide 29 text
API Authentication
● User authentication is performed with sessions, which are
maintained via JWT cryptographically signed tokens.
● Tokens are created via login, currently done with API key
secret pairs. Tokens could also be generated via oAuth2
(Google/Github/others integration), great for auditing.
● Groupon requested to simplify auth: pre-created tokens,
infinite duration sessions (no login required, revocable).