Authentication Profiles Authentication profiles are central to TypeAuth’s security model, defining how applications and their tokens handle authentication, rate limiting, and access control. These profiles act as reusable configuration templates that can be attached to multiple applications, ensuring consistent security policies across your API ecosystem. Key Benefits

Centralized Security: Define authentication rules once, apply everywhere Flexible Configuration: Support for both JWT and opaque tokens Rate Control: Fine-grained request rate limiting and token replenishment Token Management: Customizable token generation and expiration Policy Inheritance: All tokens inherit their application’s profile settings

Use Cases

API Products

Different tiers (Basic, Pro, Enterprise) Usage-based pricing Feature access control

Internal Services

Service-to-service authentication Department-specific access limits Development vs. Production settings

Customer APIs

Client credential management Usage quotas Customer-specific rate limits

Configuration Properties

Creating Profiles

POST /{account_id}/authentication/create
Content-Type: application/json

{
  "name": "basic-api-access",
  "keyType": "token",
  "ratelimit": {
    "requests": 1000,
    "window": 3600
  },
  "refill": {
    "tokens": 1000,
    "interval": 3600
  },
  "byteLength": 32,
  "prefix": "ta_"
}

Example Configurations

Basic API Access

{
  "name": "basic-api",
  "keyType": "token",
  "ratelimit": {
    "requests": 100,
    "window": 60
  },
  "byteLength": 32
}

Enterprise Usage

{
  "name": "enterprise",
  "keyType": "token",
  "ratelimit": {
    "requests": 10000,
    "window": 3600
  },
  "refill": {
    "tokens": 10000,
    "interval": 3600
  },
  "byteLength": 64,
  "prefix": "ta_ent_"
}

JWT Authentication

{
  "name": "jwt-auth",
  "keyType": "jwt",
  "jwt_id": "jwt_config_123",
  "ratelimit": {
    "requests": 5000,
    "window": 3600
  }
}

Profile Inheritance

When an authentication profile is attached to an application:

  1. All tokens inherit profile settings
  2. Rate limits apply per token
  3. Refill schedules operate independently
  4. Expiration applies to new tokens

Limitations

  • Rate limit window: 1-86400 seconds
  • Refill interval: 1-86400 seconds
  • Token length: 16-128 bytes
  • Prefix length: 50 characters max
  • Maximum requests: 1000000 per window

Best Practices

  1. Rate Limiting

    • Set appropriate limits for use case
    • Configure refill for continuous usage
    • Consider burst traffic patterns

  2. Token Configuration

    • Use minimum 32 bytes for security
    • Add descriptive prefixes
    • Set reasonable expiration

  3. Profile Management

    • Create profiles per usage tier
    • Document profile purposes
    • Regular review and updates

Authentication Profiles Authentication profiles are central to TypeAuth’s security model, defining how applications and their tokens handle authentication, rate limiting, and access control. These profiles act as reusable configuration templates that can be attached to multiple applications, ensuring consistent security policies across your API ecosystem. Key Benefits

Centralized Security: Define authentication rules once, apply everywhere Flexible Configuration: Support for both JWT and opaque tokens Rate Control: Fine-grained request rate limiting and token replenishment Token Management: Customizable token generation and expiration Policy Inheritance: All tokens inherit their application’s profile settings

Use Cases

API Products

Different tiers (Basic, Pro, Enterprise) Usage-based pricing Feature access control

Internal Services

Service-to-service authentication Department-specific access limits Development vs. Production settings

Customer APIs

Client credential management Usage quotas Customer-specific rate limits

Configuration Properties

Creating Profiles

POST /{account_id}/authentication/create
Content-Type: application/json

{
  "name": "basic-api-access",
  "keyType": "token",
  "ratelimit": {
    "requests": 1000,
    "window": 3600
  },
  "refill": {
    "tokens": 1000,
    "interval": 3600
  },
  "byteLength": 32,
  "prefix": "ta_"
}

Example Configurations

Basic API Access

{
  "name": "basic-api",
  "keyType": "token",
  "ratelimit": {
    "requests": 100,
    "window": 60
  },
  "byteLength": 32
}

Enterprise Usage

{
  "name": "enterprise",
  "keyType": "token",
  "ratelimit": {
    "requests": 10000,
    "window": 3600
  },
  "refill": {
    "tokens": 10000,
    "interval": 3600
  },
  "byteLength": 64,
  "prefix": "ta_ent_"
}

JWT Authentication

{
  "name": "jwt-auth",
  "keyType": "jwt",
  "jwt_id": "jwt_config_123",
  "ratelimit": {
    "requests": 5000,
    "window": 3600
  }
}

Profile Inheritance

When an authentication profile is attached to an application:

  1. All tokens inherit profile settings
  2. Rate limits apply per token
  3. Refill schedules operate independently
  4. Expiration applies to new tokens

Limitations

  • Rate limit window: 1-86400 seconds
  • Refill interval: 1-86400 seconds
  • Token length: 16-128 bytes
  • Prefix length: 50 characters max
  • Maximum requests: 1000000 per window

Best Practices

  1. Rate Limiting

    • Set appropriate limits for use case
    • Configure refill for continuous usage
    • Consider burst traffic patterns

  2. Token Configuration

    • Use minimum 32 bytes for security
    • Add descriptive prefixes
    • Set reasonable expiration

  3. Profile Management

    • Create profiles per usage tier
    • Document profile purposes
    • Regular review and updates