API Authentication Guide
Authentication Methods
I Hate PPT API supports multiple authentication methods to ensure secure and reliable API calls.
API Key Authentication
Getting API Keys
- Log in to I Hate PPT Console
- Navigate to "API Management" page
- Click "Create API Key"
- Enter key name and description
- Select permission scope
- Copy the generated key
Using API Keys
curl -X POST https://api.ihateppt.com/v1/ppt/generate \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"topic": "AI Development Trends"}'
Permission Scopes
- read - Read-only permissions, can query data
- write - Read-write permissions, can create and modify data
- admin - Administrator permissions, can manage all resources
OAuth 2.0 Authentication
Authorization Flow
- Authorization Request - Redirect user to authorization page
- User Authorization - User confirms authorization on the page
- Get Authorization Code - System returns authorization code
- Exchange Token - Use authorization code to get access token
- API Call - Use access token to call API
Authorization URL
https://api.ihateppt.com/oauth/authorize?
client_id=YOUR_CLIENT_ID&
redirect_uri=YOUR_REDIRECT_URI&
response_type=code&
scope=read%20write&
state=random_state_string
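The state parameter in the URL above is what ties the callback to the session that started the flow. The following is an added example, not code from I Hate PPT: it builds the authorization URL with an unguessable state and rejects a callback whose state does not match. The function names, the callback URL and the client values are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://api.ihateppt.com/oauth/authorize"  # from the page


def build_authorization_url(client_id, redirect_uri, scopes):
    """Return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,   # percent-encoded by urlencode
        "response_type": "code",
        "scope": " ".join(scopes),      # the space is encoded as '+'
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def extract_code(callback_url, expected_state):
    """Return the authorization code from the callback, or raise ValueError
    when the callback does not carry the state issued for this session."""
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison; an empty expected state never matches.
    if not expected_state or not hmac.compare_digest(
        returned_state.encode(), expected_state.encode()
    ):
        raise ValueError("state mismatch: discard the callback")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]
```

Only a code returned by extract_code should be sent to the token endpoint, and the stored state should be deleted after one use.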
Get Access Token
curl -X POST https://api.ihateppt.com/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code" \
-d "code=AUTHORIZATION_CODE" \
--data-urlencode "redirect_uri=YOUR_REDIRECT_URI" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET"
Using Access Token
curl -X POST https://api.ihateppt.com/v1/ppt/generate \
-H "Authorization: Bearer ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"topic": "AI Development Trends"}'
JWT Token Authentication
Getting JWT Token
curl -X POST https://api.ihateppt.com/auth/login \
-H "Content-Type: application/json" \
-d '{
"username": "your_username",
"password": "your_password"
}'
Response Example
{
  "success": true,
  "data": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expires_in": 3600,
    "token_type": "Bearer"
  }
}
Refresh Token
curl -X POST https://api.ihateppt.com/auth/refresh \
-H "Content-Type: application/json" \
-d '{
"refresh_token": "your_refresh_token"
}'
Signature Authentication
Calculate Signature
import hmac
import hashlib
import time
import base64

def generate_signature(method, url, body, secret, timestamp=None):
    # Use one timestamp for both the signature and the X-Timestamp header
    if timestamp is None:
        timestamp = str(int(time.time()))
    # Build signature string
    message = f"{method}\n{url}\n{body}\n{timestamp}"
    # Calculate HMAC-SHA256 signature
    signature = hmac.new(
        secret.encode('utf-8'),
        message.encode('utf-8'),
        hashlib.sha256
    ).digest()
    # Base64 encode; return the timestamp so the caller can send it as X-Timestamp
    return base64.b64encode(signature).decode('utf-8'), timestamp
Using Signature
curl -X POST https://api.ihateppt.com/v1/ppt/generate \
-H "Authorization: Signature YOUR_SIGNATURE" \
-H "X-Timestamp: 1640995200" \
-H "Content-Type: application/json" \
-d '{"topic": "AI Development Trends"}'
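The receiving side of this scheme, as an added example that is not I Hate PPT's server code: it recomputes the HMAC over the same method, URL, body and timestamp string, compares in constant time, and rejects timestamps outside a freshness window so a captured request cannot be replayed later. The 300-second window, the function names and the sample secret are assumptions.

```python
import base64
import hashlib
import hmac

MAX_SKEW_SECONDS = 300  # assumed freshness window; the page does not state one


def sign(method, url, body, timestamp, secret):
    """Signature over the page's string: method, url, body, timestamp."""
    message = f"{method}\n{url}\n{body}\n{timestamp}"
    digest = hmac.new(secret.encode(), message.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def verify(method, url, body, timestamp, signature, secret, now):
    """Return (ok, reason) for a received request; now is Unix seconds."""
    try:
        sent_at = int(timestamp)
    except (TypeError, ValueError):
        return False, "bad_timestamp"
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return False, "stale_timestamp"  # limits replay of a captured request
    expected = sign(method, url, body, timestamp, secret)
    # compare_digest avoids leaking how many leading characters matched
    if not hmac.compare_digest(expected.encode(), str(signature).encode()):
        return False, "bad_signature"
    return True, "ok"


# Constructed sample request (the secret is a placeholder, not a real key)
SECRET = "example-secret-not-a-real-key"
URL = "https://api.ihateppt.com/v1/ppt/generate"
BODY = '{"topic": "AI Development Trends"}'
TS = "1640995200"
SIG = sign("POST", URL, BODY, TS, SECRET)

if __name__ == "__main__":
    print(verify("POST", URL, BODY, TS, SIG, SECRET, now=1640995210))
    print(verify("POST", URL, BODY.replace("AI", "X"), TS, SIG, SECRET, now=1640995210))
    print(verify("POST", URL, BODY, TS, SIG, SECRET, now=1640999999))
```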
Multi-Factor Authentication
Enable MFA
- Go to "Security Settings" in the console
- Select "Multi-Factor Authentication"
- Scan QR code or enter secret key
- Enter verification code to complete setup
Using MFA
curl -X POST https://api.ihateppt.com/v1/ppt/generate \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-MFA-Token: 123456" \
-H "Content-Type: application/json" \
-d '{"topic": "AI Development Trends"}'
Permission Management
Role Permissions
- Owner - Has all permissions
- Admin - Administrative permissions, can manage users and resources
- Editor - Edit permissions, can create and modify PPTs
- Viewer - View permissions, can only view PPTs
Resource Permissions
- PPT Management - Create, edit, delete PPTs
- File Management - Upload, download, delete files
- User Management - Manage user accounts and permissions
- API Management - Manage API keys and access permissions
Permission Check
def check_permission(user, resource, action):
    # Check if user has permission to perform action
    if user.role == 'owner':
        return True
    if resource == 'ppt' and action == 'create':
        return user.role in ['owner', 'admin', 'editor']
    if resource == 'user' and action == 'manage':
        return user.role in ['owner', 'admin']
    return False
Security Best Practices
API Key Security
- Protect Keys - Don't hardcode API keys in code
- Environment Variables - Use environment variables to store keys
- Regular Rotation - Regularly rotate API keys
- Minimal Permissions - Only grant necessary permissions
Network Security
- Use HTTPS - Always use HTTPS for API calls
- IP Whitelist - Limit API access by IP address
- Request Signing - Use request signing to prevent tampering
- Rate Limiting - Implement rate limiting to prevent abuse
Monitoring and Auditing
- Access Logs - Log all API access
- Anomaly Detection - Monitor unusual access patterns
- Regular Audits - Regularly audit permissions and access records
- Alert Mechanism - Set up security event alerts
Error Handling
Authentication Errors
{
  "success": false,
  "error": {
    "code": "AUTHENTICATION_FAILED",
    "message": "Authentication failed",
    "details": {
      "reason": "invalid_token",
      "expires_at": "2024-01-15T10:30:00Z"
    }
  }
}
Permission Errors
{
  "success": false,
  "error": {
    "code": "INSUFFICIENT_PERMISSIONS",
    "message": "Insufficient permissions",
    "details": {
      "required_permission": "ppt:create",
      "user_permissions": ["ppt:read"]
    }
  }
}
Frequently Asked Questions
Q: What to do if API key is compromised?
A:
- Immediately revoke the compromised key in the console
- Generate a new API key
- Check for unauthorized API calls
- Update all applications using that key
Q: How to improve API security?
A:
- Use HTTPS for all API calls
- Implement IP whitelist restrictions
- Enable multi-factor authentication
- Regularly rotate API keys
Q: How to handle token expiration?
A:
- Implement automatic token refresh mechanism
- Proactively refresh tokens before expiration
- Handle refresh failure scenarios
- Provide user-friendly error messages
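The steps above and the Refresh Token call in the JWT section, combined in one added example (not part of the I Hate PPT SDK): a small token cache that refreshes before expires_in runs out and falls back to a full login when the refresh is rejected. The class and exception names, the 60-second margin, and the assumption that the refresh response has the same shape as the login "data" object are illustrative; the HTTP calls are injected as callables so the logic runs offline.

```python
import time

class RefreshError(Exception):
    """Raised by the refresh callable when the refresh token is rejected."""

class TokenManager:
    """Caches the token pair and renews it shortly before it expires."""

    def __init__(self, login, refresh, clock=time.time, margin=60):
        self._login = login      # callable() -> "data" object of /auth/login
        self._refresh = refresh  # callable(refresh_token) -> same shape (assumed)
        self._clock = clock
        self._margin = margin    # renew this many seconds early (assumed value)
        self._data, self._expires_at = None, 0.0

    def _store(self, data):
        self._data = data
        self._expires_at = self._clock() + data["expires_in"]

    def access_token(self):
        if self._data is None:
            self._store(self._login())
        elif self._clock() >= self._expires_at - self._margin:
            try:
                renewed = self._refresh(self._data["refresh_token"])
                # Keep the old refresh token if the response omits a new one.
                self._store({**self._data, **renewed})
            except RefreshError:
                # Refresh token rejected: fall back to a full login.
                self._store(self._login())
        return self._data["access_token"]

def demo():
    """Constructed run with a fake clock and fake endpoints (no network)."""
    now, calls = [0.0], []
    def login():
        calls.append("login")
        return {"access_token": f"A{len(calls)}", "refresh_token": "R", "expires_in": 3600}
    def refresh(_token):
        calls.append("refresh")
        if now[0] > 20000:
            raise RefreshError("refresh token rejected")
        return {"access_token": f"A{len(calls)}", "expires_in": 3600}
    tokens = TokenManager(login, refresh, clock=lambda: now[0])
    seen = []
    for t in (1000.0, 2800.0, 4550.0, 30000.0):
        now[0] = t
        seen.append(tokens.access_token())
    return seen, calls
```

In the constructed run, the second call is served from the cache, the third refreshes inside the margin, and the fourth logs in again after the refresh is rejected.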
Q: How to monitor API usage?
A:
- View API usage statistics
- Set up usage alerts
- Monitor unusual access patterns
- Regularly review access logs
Get Started with API - Check out API Reference for detailed API interface documentation.