Introduction

Bluelink provides a collection of helpers and specifications for authentication. Applications with public HTTP APIs that make up Bluelink such as the Deploy Engine support common authentication mechanisms including API keys and JWTs issued by OAuth2 or OIDC¹ providers. A custom Bluelink-specific authentication mechanism is also supported that avoids the transportation of private API keys over the wire by using them in combination with a public key, timestamp and chosen request headers to create a signature, this mechanism is the called the Bluelink Signature.

Authentication Mechanisms

You can delve deeper into the supported authentication mechanisms in the links below (including the specification for the Bluelink Signature):

• API Keys
• JWTs
• Bluelink Signature v1

Footnotes

1. OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework. See OpenID Connect. ↩