Authentication in the Investment API
There are two aspects to authentication in the Investment API:
OAuth 2.0
We use OAuth 2.0 to establish who is currently making requests against the API and whether they should be allowed to use the particular resources they're attempting to use. You can read more about OAuth in the Upvest Investment API, in "OAuth".
HTTP Message Signatures
We use HTTP Message Signatures to check that requests, that say they came from you, really did come from you and have not been interfered with during their journey to our servers. You can read more about that in "HTTP Message Signatures".