
API Authentication Guide

Authentication Methods

I Hate PPT API supports multiple authentication methods to ensure secure and reliable API calls.


API Key Authentication

Getting API Keys

  1. Log in to the I Hate PPT Console
  2. Navigate to the "API Management" page
  3. Click "Create API Key"
  4. Enter key name and description
  5. Select permission scope
  6. Copy the generated key

Using API Keys

curl -X POST https://api.ihateppt.com/v1/ppt/generate \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"topic": "AI Development Trends"}'

Permission Scopes

  • read - Read-only permissions, can query data
  • write - Read-write permissions, can create and modify data
  • admin - Administrator permissions, can manage all resources

OAuth 2.0 Authentication

Authorization Flow

  1. Authorization Request - Redirect user to authorization page
  2. User Authorization - User confirms authorization on the page
  3. Get Authorization Code - System returns authorization code
  4. Exchange Token - Use authorization code to get access token
  5. API Call - Use access token to call API

Authorization URL

https://api.ihateppt.com/oauth/authorize?
client_id=YOUR_CLIENT_ID&
redirect_uri=YOUR_REDIRECT_URI&
response_type=code&
scope=read%20write&
state=random_state_string

Get Access Token

curl -X POST https://api.ihateppt.com/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code" \
-d "code=AUTHORIZATION_CODE" \
--data-urlencode "redirect_uri=YOUR_REDIRECT_URI" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET"

Using Access Token

curl -X POST https://api.ihateppt.com/v1/ppt/generate \
-H "Authorization: Bearer ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"topic": "AI Development Trends"}'
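The authorization request and callback steps of the flow above, as an added example that is not part of the I Hate PPT documentation: it URL-encodes the query and ties the `state` value to the user's session so a callback started elsewhere is rejected. The `session` dict, the function names and the `app.example.com` redirect URI are assumptions made for the illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://api.ihateppt.com/oauth/authorize"


def build_authorization_url(client_id, redirect_uri, scopes, session):
    """Create a fresh state, bind it to the user's session, return the encoded URL."""
    state = secrets.token_urlsafe(32)  # unguessable value, used once
    session["oauth_state"] = state     # `session` is a hypothetical per-user store
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),     # urlencode turns the space into '+'
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_callback(callback_url, session):
    """Return the authorization code only if the state matches this session's."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # pop: each state is valid once
    returned = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "error" in params:  # standard OAuth 2.0 error parameter (RFC 6749)
        raise ValueError("authorization failed: " + params["error"][0])
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


if __name__ == "__main__":
    # Constructed walk-through with made-up client values.
    sess = {}
    print(build_authorization_url("YOUR_CLIENT_ID", "https://app.example.com/callback",
                                  ["read", "write"], sess))
    cb = "https://app.example.com/callback?code=abc123&state=" + sess["oauth_state"]
    print(handle_callback(cb, sess))
```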

JWT Token Authentication

Getting JWT Token

curl -X POST https://api.ihateppt.com/auth/login \
-H "Content-Type: application/json" \
-d '{
"username": "your_username",
"password": "your_password"
}'

Response Example

{
  "success": true,
  "data": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expires_in": 3600,
    "token_type": "Bearer"
  }
}

Refresh Token

curl -X POST https://api.ihateppt.com/auth/refresh \
-H "Content-Type: application/json" \
-d '{
"refresh_token": "your_refresh_token"
}'

Signature Authentication

Calculate Signature

import hmac
import hashlib
import time
import base64

def generate_signature(method, url, body, secret):
    # Build signature string; the timestamp is part of the signed message
    timestamp = str(int(time.time()))
    message = f"{method}\n{url}\n{body}\n{timestamp}"

    # Calculate HMAC-SHA256 signature
    signature = hmac.new(
        secret.encode('utf-8'),
        message.encode('utf-8'),
        hashlib.sha256
    ).digest()

    # Base64 encode; return the timestamp as well, because the same value
    # has to be sent in the X-Timestamp header
    return base64.b64encode(signature).decode('utf-8'), timestamp

Ready to integrate with your app?

Get started with our powerful API and SDK. Build amazing presentation features into your own applications.

View API Docs

Using Signature

curl -X POST https://api.ihateppt.com/v1/ppt/generate \
-H "Authorization: Signature YOUR_SIGNATURE" \
-H "X-Timestamp: 1640995200" \
-H "Content-Type: application/json" \
-d '{"topic": "AI Development Trends"}'
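The receiving side of the signature scheme above, as an added example that is not I Hate PPT's server code: it recomputes the HMAC over the same method, URL, body and timestamp layout, rejects timestamps outside a freshness window, and compares in constant time. The 300-second window, the reason strings and the demo secret are assumptions; the page does not state how the server validates requests.

```python
import base64
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed tolerance; the page does not give the server's window


def sign(method, url, body, timestamp, secret):
    """Base64(HMAC-SHA256) over the page's layout: method, url, body, timestamp."""
    message = f"{method}\n{url}\n{body}\n{timestamp}"
    digest = hmac.new(secret.encode("utf-8"), message.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("utf-8")


def verify_request(method, url, body, headers, secret, now=None):
    """Return (ok, reason) for a request with Authorization: Signature and X-Timestamp."""
    now = int(time.time()) if now is None else now
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "Signature" or not presented:
        return False, "missing_signature"
    ts_raw = headers.get("X-Timestamp", "")
    try:
        timestamp = int(ts_raw)
    except ValueError:
        return False, "bad_timestamp"
    # Reject stale or future-dated requests so a captured request cannot be replayed later.
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "timestamp_out_of_window"
    expected = sign(method, url, body, ts_raw, secret)
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return False, "signature_mismatch"
    return True, "ok"


# Constructed sample request (the secret and values are made up for the demo).
SECRET = "demo-secret"
URL = "https://api.ihateppt.com/v1/ppt/generate"
BODY = '{"topic": "AI Development Trends"}'
TS = 1640995200
HEADERS = {"Authorization": "Signature " + sign("POST", URL, BODY, str(TS), SECRET),
           "X-Timestamp": str(TS)}

if __name__ == "__main__":
    print(verify_request("POST", URL, BODY, HEADERS, SECRET, now=TS + 10))
    print(verify_request("POST", URL, BODY + " ", HEADERS, SECRET, now=TS + 10))
    print(verify_request("POST", URL, BODY, HEADERS, SECRET, now=TS + 3600))
```

The signature only binds what is in the signed string, so any header the server acts on but that is not included in the message remains open to modification in transit.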

Multi-Factor Authentication

Enable MFA

  1. Go to "Security Settings" in the console
  2. Select "Multi-Factor Authentication"
  3. Scan QR code or enter secret key
  4. Enter verification code to complete setup

Using MFA

curl -X POST https://api.ihateppt.com/v1/ppt/generate \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-MFA-Token: 123456" \
-H "Content-Type: application/json" \
-d '{"topic": "AI Development Trends"}'

Permission Management

Role Permissions

  • Owner - Has all permissions
  • Admin - Administrative permissions, can manage users and resources
  • Editor - Edit permissions, can create and modify PPTs
  • Viewer - View permissions, can only view PPTs

Resource Permissions

  • PPT Management - Create, edit, delete PPTs
  • File Management - Upload, download, delete files
  • User Management - Manage user accounts and permissions
  • API Management - Manage API keys and access permissions

Permission Check

def check_permission(user, resource, action):
    # Check if user has permission to perform action
    if user.role == 'owner':
        return True

    if resource == 'ppt' and action == 'create':
        return user.role in ['owner', 'admin', 'editor']

    if resource == 'user' and action == 'manage':
        return user.role in ['owner', 'admin']

    return False

Security Best Practices

API Key Security

  1. Protect Keys - Don't hardcode API keys in code
  2. Environment Variables - Use environment variables to store keys
  3. Regular Rotation - Regularly rotate API keys
  4. Minimal Permissions - Only grant necessary permissions

Network Security

  1. Use HTTPS - Always use HTTPS for API calls
  2. IP Whitelist - Limit API access by IP address
  3. Request Signing - Use request signing to prevent tampering
  4. Rate Limiting - Implement rate limiting to prevent abuse

Monitoring and Auditing

  1. Access Logs - Log all API access
  2. Anomaly Detection - Monitor unusual access patterns
  3. Regular Audits - Regularly audit permissions and access records
  4. Alert Mechanism - Set up security event alerts

Error Handling

Authentication Errors

{
  "success": false,
  "error": {
    "code": "AUTHENTICATION_FAILED",
    "message": "Authentication failed",
    "details": {
      "reason": "invalid_token",
      "expires_at": "2024-01-15T10:30:00Z"
    }
  }
}

Permission Errors

{
  "success": false,
  "error": {
    "code": "INSUFFICIENT_PERMISSIONS",
    "message": "Insufficient permissions",
    "details": {
      "required_permission": "ppt:create",
      "user_permissions": ["ppt:read"]
    }
  }
}

Frequently Asked Questions

Q: What to do if API key is compromised?

A:

  • Immediately revoke the compromised key in the console
  • Generate a new API key
  • Check for unauthorized API calls
  • Update all applications using that key

Q: How to improve API security?

A:

  • Use HTTPS for all API calls
  • Implement IP whitelist restrictions
  • Enable multi-factor authentication
  • Regularly rotate API keys

Q: How to handle token expiration?

A:

  • Implement automatic token refresh mechanism
  • Proactively refresh tokens before expiration
  • Handle refresh failure scenarios
  • Provide user-friendly error messages
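One way to implement the refresh handling listed above, as an added example that is not from the I Hate PPT SDK: a small token holder that renews the access token shortly before `expires_in` runs out and discards its credentials when the refresh is refused. The class name, the 60-second margin and the injected `refresh_call` are assumptions, as is the refresh response having the same shape as the login response shown earlier.

```python
import time

REFRESH_MARGIN_SECONDS = 60  # assumed safety margin: refresh this long before expiry


class TokenStore:
    """Holds the token pair from /auth/login and renews it via an injected call."""

    def __init__(self, login_response, refresh_call, clock=time.time):
        # refresh_call(refresh_token) -> parsed JSON response; in real use it would
        # POST to /auth/refresh. Injected here so the example runs offline.
        self._refresh_call = refresh_call
        self._clock = clock
        self._refresh = None
        self._load(login_response)

    def _load(self, response):
        data = response["data"]
        self._access = data["access_token"]
        # Keep the current refresh token if the response does not issue a new one.
        self._refresh = data.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + data["expires_in"]

    def access_token(self):
        """Return a token with at least REFRESH_MARGIN_SECONDS of life left."""
        if self._clock() >= self._expires_at - REFRESH_MARGIN_SECONDS:
            response = self._refresh_call(self._refresh)
            if not response.get("success"):
                # Refresh refused: drop both tokens so the caller has to log in again
                # instead of retrying with credentials the server no longer accepts.
                self._access = self._refresh = None
                code = response.get("error", {}).get("code", "REFRESH_FAILED")
                raise PermissionError(code)
            self._load(response)
        return self._access
```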

Q: How to monitor API usage?

A:

  • View API usage statistics
  • Set up usage alerts
  • Monitor unusual access patterns
  • Regularly review access logs


Get Started with API - Check out API Reference for detailed API interface documentation.