Authentication

&Open API uses Bearer Token authentication to secure all API endpoints. This ensures that only authorized clients can access protected resources.

Overview

Bearer Token authentication is a simple and secure mechanism where the client includes a token in the Authorization header of each request. If the token is valid and not expired, the server grants access to the requested resources.

How It Works

  1. Obtain your API key from the &Open dashboard.
  2. Include the token in the Authorization header of every request.
  3. The server validates the token and grants access to authorized requests.

Implementation

Header Format

Include the Bearer Token in the Authorization header using the following format:

Authorization: Bearer YOUR_API_TOKEN

Example Request

curl -X GET "https://api.andopen.co/<path>" \
-H "Authorization: Bearer your_api_token_here" \
-H "Content-Type: application/vnd.api+json"

Security Best Practices

  • Keep your token secure - Treat it like a password and never expose it in client-side code
  • Rotate tokens regularly - Generate new tokens and retire old ones periodically
  • Revoke compromised tokens - Immediately delete any tokens that may have been exposed
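
One way to follow the first practice above when calling the API from a shell, as an added example that is not part of the &Open documentation. The token is read from an environment variable (ANDOPEN_API_TOKEN is an assumed name, as are the function names) and handed to curl on stdin rather than on the command line.

```shell
#!/usr/bin/env bash
# Added example: keep the bearer token out of source code and off curl's
# command line. ANDOPEN_API_TOKEN is an assumed variable name, not one
# defined by &Open.

API_BASE="https://api.andopen.co"   # host taken from the example request

# Print the Authorization header, or fail if the token is missing or malformed.
andopen_auth_header() {
  local token="${ANDOPEN_API_TOKEN:-}"
  if [ -z "$token" ]; then
    echo "ANDOPEN_API_TOKEN is not set" >&2
    return 1
  fi
  # Reject whitespace and control characters so a bad value cannot
  # smuggle extra header lines into the request.
  case "$token" in
    *[[:space:][:cntrl:]]*)
      echo "ANDOPEN_API_TOKEN contains whitespace or control characters" >&2
      return 1
      ;;
  esac
  printf 'Authorization: Bearer %s\n' "$token"
}

# GET a path. The header is fed to curl on stdin (-H @-, curl 7.55.0+),
# so the token is not in curl's argument list, where `ps` would show it.
andopen_get() {
  local path="$1" header
  header="$(andopen_auth_header)" || return 1
  printf '%s\n' "$header" | curl --fail --silent --show-error \
    --proto '=https' \
    -H @- \
    -H "Content-Type: application/vnd.api+json" \
    "${API_BASE}/${path#/}"
}
```

Load the variable from a secrets manager or a file with restrictive permissions rather than typing it at the prompt, so it does not end up in shell history.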