How do we secure the Leafy Energy API in the demo?
Leafy Energy is a fictional demo company, but we use realistic authentication patterns to illustrate how to securely expose an energy platform.
Authentication methods in the concept
- API keys: simple access tokens for server-to-server integrations.
- OAuth 2.0 (conceptual): suitable for apps acting on behalf of end users.
- Signed webhooks: validating inbound webhook calls using a shared secret.
When to use which?
- Back-end integrations and cron jobs: typically API keys.
- Mobile or web apps on behalf of a user: OAuth-style flows.
- Events sent to external systems: webhooks with signatures.
Throughout the demo documentation we refer back to this article as the anchor for deeper security topics.
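Added example, not part of the Leafy Energy demo itself: one way a receiver could validate a signed webhook with a shared secret. The demo does not define a signature scheme, so the HMAC-SHA256 construction, the timestamp-plus-body message layout, the 5-minute tolerance and all names below are assumptions.

```python
import hashlib
import hmac
import time

# Assumed scheme (the demo does not define one): hex HMAC-SHA256 over
# b"<unix timestamp>.<raw body>", with a replay window for old deliveries.
TOLERANCE_SECONDS = 300


def sign(secret, timestamp, body):
    """Sender side: signature sent alongside the webhook body."""
    message = timestamp.encode("ascii") + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(secret, timestamp, body, signature, now=None):
    """Receiver side: authenticate the raw bytes before parsing them."""
    # Reject malformed timestamps, including non-ASCII digits that int() accepts.
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False
    now = time.time() if now is None else now
    # Limit replay of captured deliveries to the tolerance window.
    if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
        return False
    expected = sign(secret, timestamp, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("ascii"),
                               signature.encode("utf-8", "replace"))


if __name__ == "__main__":
    # Constructed sample values, not real credentials or real events.
    secret = b"constructed-demo-secret"
    body = b'{"event":"meter.reading","kwh":12.5}'
    ts = "1700000000"
    sig = sign(secret, ts, body)
    print("valid:", verify(secret, ts, body, sig, now=1700000060))
    print("tampered:", verify(secret, ts, body.replace(b"12.5", b"99.9"), sig, now=1700000060))
    print("replayed:", verify(secret, ts, body, sig, now=1700003600))
```

The receiver must run `verify` on the exact bytes it received, before any JSON parsing or re-serialization, because the signature covers the raw body.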