OAuth 2.0

OAuth 2.0 is an authorization framework that allows applications to request limited access to a user's account on another service without requiring the user's password. The user grants permission through the service's own interface, and the service issues an access token to the requesting application.

The most familiar use is 'Sign in with Google' or 'Connect with GitHub'. The app redirects the user to Google, the user approves the permissions, and Google redirects back with an authorization code the app exchanges for an access token.

OAuth 2.0 is preferred when an API needs to act on behalf of a specific user. API keys are simpler for server-to-server integrations where no user delegation is needed.