# Handling API Authentication (API Keys, OAuth, JWT)

## Introduction
API authentication is crucial for securing endpoints and ensuring only authorized users or applications can access data. Common authentication methods include:
- **API Keys**: A simple token-based authentication method.
- **OAuth**: A standard protocol for delegated access.
- **JWT (JSON Web Token)**: A compact and self-contained token for authentication.

## 1. API Keys Authentication
API Keys are unique identifiers passed in requests to authenticate and authorize access.

### Example: Authenticating with API Key (Python `requests`)
```python
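import os

import requests

API_URL = "https://api.example.com/data"
# Read the key from the environment instead of hardcoding it in source
# (the variable name API_KEY is an assumption).
API_KEY = os.environ["API_KEY"]

headers = {
    "Authorization": f"Bearer {API_KEY}",
    "Content-Type": "application/json"
}

# Set a timeout and fail on HTTP errors (e.g. 401) before parsing the body.
response = requests.get(API_URL, headers=headers, timeout=10)
response.raise_for_status()
print(response.json())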
```

### Pros & Cons of API Keys
✅ Simple to implement  
✅ Easy to use in scripts  
❌ Can be exposed if not handled securely  
❌ Needs to be stored securely to prevent misuse  

## 2. OAuth Authentication
OAuth 2.0 is a widely used authorization framework allowing users to grant third-party applications access without exposing credentials.

### OAuth Flow
1. **User Authorization**: The user grants permission to the application.
2. **Obtain Access Token**: The application gets an access token from the authorization server.
3. **Use Token for API Requests**: The application sends API requests with the token.

### Example: Getting an Access Token (Python `requests`)
```python
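import os

import requests

TOKEN_URL = "https://auth.example.com/token"
# Load client credentials from the environment, not from source code
# (the variable names are assumptions).
CLIENT_ID = os.environ["CLIENT_ID"]
CLIENT_SECRET = os.environ["CLIENT_SECRET"]

# The client_credentials grant is machine-to-machine: the application
# authenticates as itself, so there is no user authorization step.
data = {
    "grant_type": "client_credentials",
    "client_id": CLIENT_ID,
    "client_secret": CLIENT_SECRET
}

response = requests.post(TOKEN_URL, data=data, timeout=10)
response.raise_for_status()
token_response = response.json()
access_token = token_response["access_token"]
# Avoid printing the token itself; it is a credential.
print("Access token obtained; expires in:", token_response.get("expires_in"))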
```

### Making API Requests with OAuth Token
```python
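# Continues from the previous snippet, which set `access_token`.
API_URL = "https://api.example.com/data"
headers = {"Authorization": f"Bearer {access_token}"}
response = requests.get(API_URL, headers=headers, timeout=10)
response.raise_for_status()
print(response.json())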
```

### Pros & Cons of OAuth
✅ More secure than API keys  
✅ Allows fine-grained access control  
❌ Requires more setup and configuration  

## 3. JWT (JSON Web Token) Authentication
JWT is a token-based authentication method where a signed token is passed in requests.

### Example: Decoding a JWT Token
```python
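import jwt  # PyJWT

token = "your_jwt_token_here"
SECRET_KEY = "your_secret_key"

try:
    # Pinning `algorithms` stops the token's header from choosing the algorithm;
    # decode() also verifies the signature and the `exp` claim if present.
    decoded_token = jwt.decode(token, SECRET_KEY, algorithms=["HS256"])
    print(decoded_token)
except jwt.ExpiredSignatureError:
    print("Token has expired")
except jwt.InvalidTokenError as exc:
    print("Token rejected:", exc)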
```

### Making API Requests with JWT
```python
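import requests

# `token` is the JWT from the previous snippet.
API_URL = "https://api.example.com/protected"
headers = {"Authorization": f"Bearer {token}"}
response = requests.get(API_URL, headers=headers, timeout=10)
response.raise_for_status()
print(response.json())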
```

### Pros & Cons of JWT
✅ Compact and self-contained  
✅ Can be used for authentication and information exchange  
❌ Needs proper handling to prevent token reuse or exposure  

## Conclusion
Choosing the right authentication method depends on security requirements and use cases. API keys are simple but less secure, OAuth provides delegated access control, and JWT enables stateless authentication.

Use strong encryption, proper token expiration, and secure storage to protect authentication mechanisms.