You can integrate your solutions with Ditto
- via the HTTP API or
- via WebSocket.
On all APIs Ditto protects functionality and data by using
- Authentication to make sure the requester is the one she claims to be,
- Authorization to make sure the requester is allowed to see, use or change the information he wants to access.
User authentication at the HTTP API
A user who calls the HTTP API can be authenticated using two mechanisms:
- HTTP BASIC Authentication by providing username and password of users managed within for example nginx acting as reverse proxy.
- A JWT issued by Google or other OpenID Connect providers.