| title | API Authentication & Security |
|---|---|
| description | Secure access to AetherFlow APIs with JWT tokens, API keys, and best practices |
AetherFlow supports multiple authentication methods to ensure secure API access. Choose the appropriate method based on your use case and integration requirements.
All API requests must be made over HTTPS. HTTP requests will be rejected.

JWTs (JSON Web Tokens) provide stateless authentication for programmatic access. Generate tokens from your account settings for secure API interactions.

1. Navigate to Settings > API Keys in your dashboard.
2. Create a new token with appropriate scopes.
3. Add the Authorization header to all API calls: `Authorization: Bearer YOUR_JWT_TOKEN`
4. Rotate tokens regularly and revoke compromised ones immediately.

```javascript
// Example API request with JWT
const response = await fetch('https://api.aetherflow.com/v2/workflows', {
  method: 'GET',
  headers: {
    'Authorization': `Bearer ${process.env.AETHERFLOW_JWT_TOKEN}`,
    'Content-Type': 'application/json'
  }
});
```

Legacy API keys are still supported for backward compatibility. However, we recommend migrating to JWT tokens for enhanced security.

Access your API keys section and generate a new key with specific permissions.

<CodeGroup tabs="cURL,Python">
```bash
curl -X GET "https://api.aetherflow.com/v1/workflows" \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json"
```
```python
import requests
headers = {
'X-API-Key': 'YOUR_API_KEY',
'Content-Type': 'application/json'
}
response = requests.get('https://api.aetherflow.com/v1/workflows', headers=headers)
```
</CodeGroup>
For third-party applications, implement OAuth 2.0 flows to access user data securely.
```javascript
// Authorization URL construction
const authUrl = `https://api.aetherflow.com/oauth/authorize?` +
  `client_id=${CLIENT_ID}&` +
  `redirect_uri=${encodeURIComponent(REDIRECT_URI)}&` +
  `response_type=code&` +
  // The scope list contains a space, so it must be URL-encoded
  `scope=${encodeURIComponent('workflows:read workflows:write')}`;

// Exchange code for token
const tokenResponse = await fetch('https://api.aetherflow.com/oauth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  // URLSearchParams form-encodes each value, so special characters in the
  // code or secret cannot corrupt the request body
  body: new URLSearchParams({
    grant_type: 'authorization_code',
    code: authCode,
    client_secret: CLIENT_SECRET
  })
});
```
</Expandable>
## Security Best Practices
Implement these security measures to protect your AetherFlow integrations.
<Columns cols={2}>
<Card title="Token Rotation" icon="refresh-cw">
Rotate API tokens every 90 days. Use different tokens for different environments.
</Card>
<Card title="IP Whitelisting" icon="lock">
Restrict API access to specific IP addresses for sensitive operations.
</Card>
<Card title="Rate Limiting" icon="clock">
Monitor your API usage and implement client-side rate limiting.
</Card>
<Card title="Audit Logging" icon="file-text">
Enable audit logs to track API usage and detect anomalies.
</Card>
</Columns>
## Rate Limits
AetherFlow enforces rate limits to ensure fair usage across all customers.
| Plan | Requests per Minute | Requests per Hour |
|------|-------------------|-------------------|
| Free | 60 | 1,000 |
| Pro | 300 | 10,000 |
| Enterprise | 1,000 | 50,000 |
<Callout kind="warning">
Exceeding rate limits will result in HTTP 429 responses. Implement exponential backoff for retries.
</Callout>
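The backoff recommended in the callout above, as an added example (not AetherFlow's own code): it retries only on HTTP 429, using capped exponential backoff with full jitter so that many clients do not retry in lockstep. The helper names `backoffDelayMs` and `fetchWithBackoff`, the default delays, and the handling of a `Retry-After` header are assumptions; the page does not say whether the API sends that header.

```javascript
// Added example: retry on HTTP 429 with capped exponential backoff and full jitter.
// Assumption: a 429 may carry a Retry-After header in seconds (not stated on the page).

// Delay in ms before retry number `attempt` (0-based).
// A numeric Retry-After wins; an HTTP-date or missing value falls back to jitter.
function backoffDelayMs(attempt, retryAfter, opts = {}) {
  const { baseDelayMs = 500, maxDelayMs = 30000, random = Math.random } = opts;
  const seconds = Number(retryAfter);
  if (retryAfter != null && retryAfter !== '' && Number.isFinite(seconds) && seconds >= 0) {
    // Cap the server's hint so a bad header cannot stall the client indefinitely.
    return Math.min(seconds * 1000, maxDelayMs);
  }
  // Full jitter: uniform in [0, min(maxDelayMs, baseDelayMs * 2^attempt)).
  const ceiling = Math.min(maxDelayMs, baseDelayMs * 2 ** attempt);
  return Math.floor(random() * ceiling);
}

// Wraps fetch; returns the first non-429 response or throws after maxRetries retries.
async function fetchWithBackoff(url, init = {}, opts = {}) {
  const {
    maxRetries = 5,
    fetchImpl = fetch, // injectable so the logic can be tested offline
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
  } = opts;
  for (let attempt = 0; ; attempt++) {
    const response = await fetchImpl(url, init);
    // Only rate-limit responses are retried; other statuses go back to the caller.
    if (response.status !== 429) return response;
    if (attempt >= maxRetries) {
      throw new Error(`Rate limited: gave up after ${maxRetries} retries`);
    }
    await sleep(backoffDelayMs(attempt, response.headers.get('Retry-After'), opts));
  }
}

// Usage (token read from the environment, as in the JWT example):
// const res = await fetchWithBackoff('https://api.aetherflow.com/v2/workflows', {
//   headers: { Authorization: `Bearer ${process.env.AETHERFLOW_JWT_TOKEN}` },
// });
```

Bounding `maxRetries` matters as much as the delay: an unbounded retry loop keeps a bearer token in flight against a service that is already refusing the client.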
## Data Encryption
All data transmitted to and from AetherFlow APIs is encrypted in transit using TLS 1.3. Sensitive data is encrypted at rest using AES-256 encryption.
<ExpandableGroup>
<Expandable title="Encryption Details">
- API communications: TLS 1.3 with perfect forward secrecy
- Database encryption: AES-256-GCM
- File storage: Server-side encryption with customer-managed keys (Enterprise)
</Expandable>
<Expandable title="Compliance Standards">
AetherFlow maintains SOC 2 Type II and GDPR compliance for data protection.
</Expandable>
</ExpandableGroup>
This comprehensive security guide ensures you can safely integrate AetherFlow into your applications.