Authentication in the Investment API
There are two aspects to authentication in the Investment API:
We use OAuth 2.0 to establish who is currently making requests against the API and whether they should be allowed to use the particular resources they're attempting to use.
We use HTTP message signatures to check that requests, that say they came from you, really did come from you and have not been interfered with during their journey to our servers.