The difference between Authentication and Authorization

In a nutshell, authentication is the identification of a user, and authorization controls what a user can access.

You can think of authentication as needing to show your passport at the airport to verify who you are. On the other hand, authorization is like your boarding pass, which controls which flight you can take from within the airport.

Since APIs cannot identify individual users, authentication methods involve authenticating the application requesting the data. The most commonly seen authentication methods are OAuth, API Keys, and basic HTTP authentication.

As for authorization, it is usually predefined by the organization or application settings. There are, however, access models used to define authorization rules.

The two most common access models are RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control), which are commonly combined with each other or other authorization methods. Authorization always comes after the process of authentication.
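
The ordering described above, as an added example that is not part of the original page: an application is first authenticated by API key, and only then authorized by an RBAC check combined with an ABAC check. The key values, role names, `tenant` attribute and function names are all constructed for illustration.

```python
import hashlib
import hmac


def _digest(key: str) -> str:
    # Store and compare digests so clear-text API keys are never kept server-side.
    return hashlib.sha256(key.encode()).hexdigest()


# Constructed sample data: key digest -> application record.
APPS = {
    _digest("demo-key-reports"): {"app": "reports", "role": "reader", "tenant": "acme"},
    _digest("demo-key-billing"): {"app": "billing", "role": "editor", "tenant": "acme"},
}
ROLE_PERMISSIONS = {"reader": {"read"}, "editor": {"read", "write"}}  # RBAC table


def authenticate(api_key):
    """Authentication: which application is calling? Returns its record or None."""
    if not api_key:
        return None
    presented = _digest(api_key)
    found = None
    for stored, record in APPS.items():
        # compare_digest avoids leaking the match position through timing.
        if hmac.compare_digest(stored, presented):
            found = record
    return found


def authorize(principal, action, resource):
    """Authorization: RBAC (role grants the action) AND ABAC (tenant attributes match)."""
    role_allows = action in ROLE_PERMISSIONS.get(principal["role"], set())
    same_tenant = principal["tenant"] == resource["tenant"]
    return role_allows and same_tenant


def handle(api_key, action, resource):
    """Return an HTTP-style status: 401 = not authenticated, 403 = not authorized."""
    principal = authenticate(api_key)
    if principal is None:
        return 401  # authorization is never evaluated for an unknown caller
    if not authorize(principal, action, resource):
        return 403
    return 200
```

A 401 means the caller's identity could not be established; a 403 means the identity is known but the role or attributes do not permit the action.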