Authentication

šŸ” Authentication

Ditto IDVerify APIs require valid authentication to access any endpoint. Credentials are passed in the Authorization header of each API request. Ditto IDVerify supports two authentication schemes:


1. 🧾 Basic Authentication

Basic authentication sends a username and password, joined by a colon and base64-encoded, in the Authorization header. Base64 is an encoding, not encryption, so the credentials are only as protected as the transport they travel over (TLS).

📌 How to Use

  1. Format your credentials as username:password
  2. Base64 encode the string. For example:
    • reliduser:password123 becomes cmVsaWR1c2VyOnBhc3N3b3JkMTIz
  3. Add to the Authorization header:
    Authorization: Basic cmVsaWR1c2VyOnBhc3N3b3JkMTIz

āŒ Failure Response

{
  "response_code": 1,
  "error_code": 2604,
  "error_message": "Authorization failed"
}

2. 🛡 OAuth2 Authentication

OAuth2 Bearer Tokens provide more secure and scalable authentication for production use.

📌 How to Use

  1. Obtain the token by authenticating via the Ditto ID Auth Server (see /oauth/token)
  2. Add it to the request header:
    Authorization: Bearer <your-access-token>

āŒ Failure Response

{
  "response_code": 1,
  "error_code": 2604,
  "error_message": "Authorization failed",
  "error": "invalid_token",
  "error_description": "Access token expired"
}

⚠ Response Headers (OAuth2 failure)

  • WWW-Authenticate: Contains the reason for failure, such as:
    WWW-Authenticate: Bearer error="invalid_token", error_description="Access token expired"

🚨 Error Codes Reference

  Error Code | Error Message                  | Scenario
  2601       | Authorization header not found | Empty or missing Authorization header
  2604       | Authorization failed           | Invalid or expired credentials/token
  2605       | Authorization failed           | Internal error during authentication
  2606       | Authorization failed           | Invalid value in Authorization header
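The following is an added example client helper, not code from the Ditto IDVerify SDK: it builds the Authorization header for both schemes described in the "How to Use" steps above, then classifies a failure response using the error code table (note that 2604, 2605 and 2606 share the same error_message, so a client must branch on error_code and on the WWW-Authenticate header, not on the message text). The usernames, tokens and response bodies it uses are constructed sample values.

```python
import base64
import json
import re

def basic_auth_header(username: str, password: str) -> str:
    """Basic scheme: 'Basic ' + base64('username:password')."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def bearer_auth_header(access_token: str) -> str:
    """OAuth2 scheme: token previously obtained from the auth server's /oauth/token."""
    return f"Bearer {access_token}"

# Error codes from the reference table. Three of them carry the same
# error_message, so the numeric code is what the client should branch on.
ERROR_CODES = {
    2601: "missing_header",
    2604: "bad_credentials",
    2605: "server_error",
    2606: "malformed_header",
}

def parse_www_authenticate(header: str) -> dict:
    """Turn 'Bearer error="x", error_description="y"' into {'error': 'x', ...}."""
    return dict(re.findall(r'(\w+)="([^"]*)"', header))

def classify_failure(body: str, headers: dict) -> str:
    """Map a response to a client action:
    'ok', 'retry_with_new_token', 'retry_later' or 'fix_request'."""
    data = json.loads(body)
    if data.get("response_code") != 1:
        return "ok"
    www = parse_www_authenticate(headers.get("WWW-Authenticate", ""))
    # OAuth2 failures name the reason in the header (and in the body's "error" field);
    # an invalid/expired token is the one case a client can recover from by re-authenticating.
    if "invalid_token" in (www.get("error"), data.get("error")):
        return "retry_with_new_token"
    kind = ERROR_CODES.get(data.get("error_code"), "unknown")
    if kind == "server_error":
        return "retry_later"      # 2605: not the caller's fault, back off and retry
    return "fix_request"          # 2601/2604/2606: the request itself is wrong

if __name__ == "__main__":
    # Constructed sample values matching the page's worked example.
    print(basic_auth_header("reliduser", "password123"))
    print(bearer_auth_header("<your-access-token>"))
```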

✅ Recommended Approach

  • Use OAuth2 for production deployments
  • Use Basic Auth for initial development/testing
  • Always keep client credentials secure and rotate tokens regularly

🛠 Getting Credentials

  • Client credentials (Client ID and Secret) are issued by the Ditto ID Admin using the Gateway Manager Console
  • Enterprises may use multiple credentials (Enterprise IDs) to isolate app flows by department or product