Authentication Methods
XDK Python provides three primary authentication methods:

OAuth 2.0 PKCE (Recommended)
OAuth 2.0 with PKCE (Proof Key for Code Exchange) is the recommended authentication method for user-context applications. It provides enhanced security and supports automatic token refresh.
- Best for: Web applications, mobile apps, desktop applications
- User context: Yes
- Token refresh: Automatic
- Security: High (PKCE protects against authorization code interception)
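The protection the list item above refers to is the verifier/challenge pair PKCE adds to the authorization-code flow: the client sends only a SHA-256 hash of a random secret with the authorization request, and must present the secret itself when it redeems the code. The following is an added example in plain Python, not XDK's own code; the authorize endpoint URL and the parameter names of the hypothetical app are placeholder assumptions, while the verifier and challenge construction follow RFC 7636.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholder assumption: the real authorize endpoint comes from the provider's docs.
AUTHORIZE_ENDPOINT = "https://auth.example/oauth2/authorize"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """RFC 7636 section 4.1: 43-128 unreserved characters from a CSPRNG.
    32 random bytes encode to 43 base64url characters."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    """RFC 7636 section 4.2, method S256: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(client_id: str, redirect_uri: str, scope: str,
                        state: str, challenge: str) -> str:
    """Step 1 (client): the challenge, never the verifier, travels with the
    authorization request. `state` is a separate anti-CSRF token."""
    query = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(query)}"


def server_accepts_token_request(stored_challenge: str, presented_verifier: str) -> bool:
    """Step 2 (authorization server, token endpoint): recompute the challenge from
    the verifier sent along with the code and compare it in constant time to the
    challenge stored with the original request. A party holding only an
    intercepted authorization code has no verifier and is rejected."""
    return secrets.compare_digest(stored_challenge, make_code_challenge(presented_verifier))


if __name__ == "__main__":
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    print(build_authorize_url("my-client", "https://app.example/callback",
                              "tweet.read", secrets.token_urlsafe(16), challenge))
    print(server_accepts_token_request(challenge, verifier))   # True
```

Keep the verifier in memory on the client only for the lifetime of one authorization attempt; it is never logged, never put in the redirect URL, and is discarded once the token response arrives.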
OAuth 1.0a
OAuth 1.0a is a traditional authentication method that uses HMAC-SHA1 signatures. It’s useful for legacy applications or when OAuth 2.0 is not available.
- Best for: Legacy applications, server-to-server communication
- User context: Yes
- Token refresh: Manual re-authorization required
- Security: High (cryptographic signatures)
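The "cryptographic signatures" in the list above are the RFC 5849 HMAC-SHA1 request signatures: every request's method, URL and parameters are canonicalised into a signature base string and signed with the consumer secret and token secret. The following is an added example in plain Python (not XDK's own code) showing both the client-side signing and the server-side verification; the parameter canonicalisation follows RFC 5849 sections 3.4 to 3.6, and the sample keys and request values are the ones printed in that RFC's own worked example.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(s) -> str:
    """RFC 5849 section 3.6 percent-encoding: only ALPHA, DIGIT, '-', '.', '_', '~' stay literal."""
    return quote(str(s), safe="")


def normalize_params(params) -> str:
    """RFC 5849 section 3.4.1.3.2: percent-encode every key and value, sort by key then
    by value, and join as k=v&k=v. `params` is a list of (key, value) pairs gathered from
    the query string, the form body and the oauth_* header; oauth_signature is excluded."""
    encoded = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    return "&".join(f"{k}={v}" for k, v in encoded)


def signature_base_string(method: str, base_url: str, params) -> str:
    """RFC 5849 section 3.4.1: METHOD & base URL (scheme, host, path, no query) & normalized
    params, each element percent-encoded separately."""
    return "&".join([method.upper(), pct(base_url), pct(normalize_params(params))])


def hmac_sha1_signature(method, base_url, params, consumer_secret, token_secret="") -> str:
    """RFC 5849 section 3.4.2: key = pct(consumer_secret) & pct(token_secret); result is base64."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    base = signature_base_string(method, base_url, params).encode("ascii")
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode("ascii")


def verify_signature(method, base_url, params, consumer_secret, token_secret, presented) -> bool:
    """Server side: rebuild the signature from the received request and compare it in
    constant time. Any change to the method, URL or a parameter changes the base string."""
    expected = hmac_sha1_signature(method, base_url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, presented)


def oauth_params(consumer_key: str, token: str):
    """Fresh protocol parameters for one request; the nonce/timestamp pair lets the
    server reject replays of a captured signed request."""
    return [
        ("oauth_consumer_key", consumer_key),
        ("oauth_token", token),
        ("oauth_signature_method", "HMAC-SHA1"),
        ("oauth_timestamp", str(int(time.time()))),
        ("oauth_nonce", secrets.token_hex(16)),
        ("oauth_version", "1.0"),
    ]


def authorization_header(params, signature: str) -> str:
    """RFC 5849 section 3.5.1: the oauth_* parameters plus the signature as an
    Authorization: OAuth header."""
    parts = [(k, v) for k, v in params if k.startswith("oauth_")]
    parts.append(("oauth_signature", signature))
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in parts)


if __name__ == "__main__":
    # Values from the RFC 5849 worked example (section 3.4.1.1), constructed here as sample input.
    params = [("b5", "=%3D"), ("a3", "a"), ("c@", ""), ("a2", "r b"), ("c2", ""), ("a3", "2 q"),
              ("oauth_consumer_key", "9djdj82h48djs9d2"), ("oauth_token", "kkk9d7dh3k39sjv7"),
              ("oauth_signature_method", "HMAC-SHA1"), ("oauth_timestamp", "137131201"),
              ("oauth_nonce", "7d8f3e4a")]
    sig = hmac_sha1_signature("POST", "http://example.com/request", params,
                              "j49sk3j29djd", "dh3f49sjf3d")
    print(signature_base_string("POST", "http://example.com/request", params))
    print(authorization_header(params, sig))
```

Because the token secret is part of the signing key but never leaves the client, an observer of the traffic sees only the signature; the cost is that there is no refresh token, so a revoked or expired access token means the user must re-authorize, which is the "Manual re-authorization required" entry in the list above.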
Bearer Token
Bearer token authentication uses a simple app-only token for read-only operations that don’t require user context.
- Best for: Read-only operations, analytics, monitoring
- User context: No
- Token refresh: Not required (long-lived tokens)
- Security: Moderate (protect your token carefully)
Quick Start
Here’s a quick comparison to help you choose the right authentication method:

| Feature | OAuth 2.0 PKCE | OAuth 1.0a | Bearer Token |
|---|---|---|---|
| User Context | ✓ | ✓ | ✗ |
| Write Operations | ✓ | ✓ | ✗ |
| Auto Refresh | ✓ | ✗ | N/A |
| Setup Complexity | Medium | High | Low |
| Security | High | High | Moderate |
Security Best Practices
- Store credentials securely using environment variables or secret management services
- Use HTTPS for all callback URLs and API requests
- Implement proper token storage with encryption
- Rotate credentials regularly
- Monitor token usage and revoke compromised tokens immediately
Next Steps
Choose an authentication method to get started:

OAuth 2.0 PKCE
Modern, secure authentication with automatic token refresh
OAuth 1.0a
Traditional authentication with cryptographic signatures
Bearer Token
Simple app-only authentication for read operations