OAuth

OAuth (Authorization) is the open standard for delegated access: it issues time-limited access tokens to third-party clients, allowing them to use a Resource Owner's data on a Resource Server (API) without ever seeing the user's credentials.

OAuth 2.0 is the current Authorization Framework, a critical protocol for securing modern APIs. It strictly separates the Resource Owner (user) from the Client (application) and the Resource Server (API). The core function is authorization delegation: a user grants an application permission to access specific data (scopes) on their behalf. This process yields an Access Token, a credential string with a defined lifetime (e.g., 3600 seconds) that the Client uses to make protected resource requests. This token-based approach prevents the Client from handling the user's primary credentials (username/password), significantly enhancing security and control.

https://oauth.com/