Authentication

Authentication verifies that a request belongs to a real AeThex user, service, or integration.


Supported Concepts

AeThex authentication can include:

  • Passport session authentication
  • OAuth-style authorization flows
  • API keys for server integrations
  • Webhook signatures
  • Discord account linking
  • Game/session tokens

For most applications:

  1. Redirect the user to Passport or an AeThex auth surface.
  2. Receive an authorization response.
  3. Exchange for a scoped token server-side.
  4. Store only what your application needs.
  5. Refresh or revalidate when required.

Security Requirements

  • Never store private keys in clients.
  • Keep API keys server-side.
  • Use HTTPS only.
  • Validate webhook signatures.
  • Rotate compromised credentials immediately.
  • Log auth failures without leaking secrets.

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9