Authentication

Authentification may be done with API keys.

Generation of keys and first enrolment is "as you wish" and is not a part of obapi standard.

For some of us the use of login/passwd will be the right solution then an jwt key will be send to the client, for other it could be a sort of "pre-shared key" ...

The most important thing is that your obapi server give an obapi key to the client. The client will then send that key with classic Bearer: requests

Authenticate requests to this API's endpoints by sending an Authorization header with the value "Bearer {YOUR_AUTH_KEY}".

Example with curl:

curl -X GET -H "Authorization: Bearer ${APIKEY}" -d '{data}' https://remote.obapi.org/v1/entrypoint