Tech
January 14, 2023

API Basics - Using APIs in no-code tools

API Authentication: Understanding the Auth Methods

Darragh Mc Kay
Founder and CEO of Noloco

API authentication is the process of ensuring that only authorized users can access the data and functionality provided by an API. In this post, we will explain the different forms of API authentication for non-technical users and provide examples of the headers used to authenticate in each case.

Public APIs:

Some APIs do not require any form of authentication. These are known as public APIs and can be accessed by anyone. Examples of public APIs include the weather API and currency conversion API. These APIs are typically used to provide information or perform simple actions that do not require any sensitive information.

API Key based authentication:

In other cases, an API may require an API key to access. An API key is a unique string of characters that is provided by the API provider. It is used to identify the developer or application that is making the request. This is a simple form of authentication that is easy to set up and use. You can usually find the API key in the account settings of the API provider. To use an API key to authenticate, you would include it in the headers of your API request, like this:

Authorization: Bearer YOUR_API_KEY

OAuth:

OAuth (Open Authorization) is a standard for allowing users to grant access to their data without sharing their login credentials. It is often used for social media APIs, where a user can grant an application access to their social media account without sharing their login credentials. OAuth is more secure than API keys as it enables users to grant and revoke access to their data. To use OAuth to authenticate, you would need to follow the OAuth flow and obtain an access token from the API provider. The access token would then be included in the headers of your API request, like this:

Authorization: Bearer YOUR_ACCESS_TOKEN

JWT (JSON Web Token):

JWT is a compact, URL-safe means of representing claims to be transferred between two parties. JWT is the most common form of authentication for the APIs that are built on top of the REST architecture. It is a JSON object that contains information about the user and is encoded and signed by the server. Once the user is authenticated, the server sends a JWT to the client, which the client can then use to authenticate itself to the server in subsequent requests. To use JWT to authenticate, you would include it in the headers of your API request, like this:

Authorization: Bearer YOUR_JWT

Basic Authentication:

Basic authentication is a simple form of authentication where the client sends an HTTP header with a username and password in plain text. This method is less secure than other forms of authentication and should only be used over a secure connection (HTTPS). To use basic authentication, you would encode the username and password in base64 and include them in the headers of your API request, like this:

Authorization: Basic YOUR_ENCODED_CREDENTIALS

It's important to keep in mind that different APIs may use different forms of authentication and it's a good idea to refer to the API's documentation for more information on the specific authentication methods that it requires. Additionally, some APIs may provide multiple forms of authentication, so it's important to choose the best one depending on the requirements of your application and the features the no-code application supports.

Author

Darragh Mc Kay
Founder and CEO of Noloco

Darragh is the founder and CEO of Noloco, a platform that empowers teams to build powerful internal tools and customer portals without writing code. With a background in software engineering, he brings a sharp product focus to everything he does—balancing deep technical understanding with a passion for intuitive user experiences. On the blog, Darragh writes about building and scaling SaaS products, no-code development, startup operations, and using AI to accelerate product development.

Your most common
questions—answered!

Who is Noloco best suited to?
+
-

Noloco is perfect for small to medium-sized businesses in non-technical industries like construction, manufacturing, and other operations-focused fields.

Do I need tech experience to use the platform?
+
-

Not at all! Noloco is designed especially for non-tech teams. Simply build your custom application using a drag-and-drop interface. No developers needed!

Is my data secure?
+
-

Absolutely! Security is very important to us. Our access control features let you limit who can see certain data, so only the right people can access sensitive information

Do you offer customer support?
+
-

Yes! We provide customer support through various channels—like chat, email, and help articles—to assist you in any way we can.

My business is growing fast—can Noloco keep up?
+
-

Definitely! Noloco makes it easy to tweak your app as your business grows, adapting to your changing workflows and needs.

Is there any training or support available to help my team get up to speed?
+
-

Yes! We offer tutorials, guides, and AI assistance to help you and your team learn how to use Noloco quickly.

Can I make changes to my app after it’s been created?
+
-

Of course! You can adjust your app whenever needed. Add new features, redesign the layout, or make any other changes you need—you’re in full control.

Ready to boost
your business?

Build your custom tool with Noloco