Authentication
Authentication verifies that a request belongs to a real AeThex user, service, or integration.
Supported Concepts
AeThex authentication can include:
- Passport session authentication
- OAuth-style authorization flows
- API keys for server integrations
- Webhook signatures
- Discord account linking
- Game/session tokens
Recommended Flow
For most applications:
- Redirect the user to Passport or an AeThex auth surface.
- Receive an authorization response.
- Exchange for a scoped token server-side.
- Store only what your application needs.
- Refresh or revalidate when required.
Security Requirements
- Never store private keys in clients.
- Keep API keys server-side.
- Use HTTPS only.
- Validate webhook signatures.
- Rotate compromised credentials immediately.
- Log auth failures without leaking secrets.