Categories: API

Authentication vs Authorization

Authentication and authorization are both common terms in the world of identity and access management (IAM). While often used interchangeably, authentication and authorization represent fundamentally different functions and both are distinct security processes. Understanding the difference between the two is key to successfully implementing an IAM solution.

In simple terms authentication is the process of verifying who a requester is while authorization is the process of verifying what they capable or access to.

What is Authentication?

Authentication is validation process of the requester. The system checks whether requester is who its claimed or not. Generally authentication is done by a username and password, although there are other various ways and steps to be authenticated like Single-Sign-On, One-Time Pins, Authentication Apps, SSL Certificates and even bio-metrics like fingerprint or retina scanner.

In some instances, systems require the successful verification of more than one factor before granting access. This multi-factor authentication (MFA) requirement is often deployed to increase security beyond what passwords alone can provide.

What is Authorization?

Authorization is the verifying process of the requester capabilities. After successfully authenticated by the system, it verifies access for various resources. Read-Only Access might be the best option for 3rd parties’ users for reading purposes and Full Access for internal users in different capabilities as well. However authorization does not grants access instead only verifies it.

Authentication

  • Determines whether users are who they claim to be
  • Usually done before authorization
  • Challenges the user to validate credentials

Authorization

  • Determines what users can and cannot access
  • Usually done after successful authentication
  • Verifies whether access is allowed through policies and rules

In short, access to a resource is protected by both authentication and authorization. If you can’t prove your identity, you won’t be allowed into a resource. And even if you can prove your identity, if you are not authorized for that resource, you will still be denied access.

Emre KARABULUT

Hi, I’m Emre KARABULUT, 29, and I am the owner of a small (but perfectly formed) design studio called Minimalist Art & Design based in Istanbul, which specialises in Blog and User Interface design. I help entrepreneurs and small business owners create a unique brand and online presence which gives them a powerful platform to reach out to their customers and markets.

Share
Published by
Emre KARABULUT

Recent Posts

Authenticating with the Apple Search Ads API

There are many methods for using APIs. In order to understand it better, lets take…

3 years ago

How To Add Swap Space on Ubuntu 20.04 or 20.10

One way to guard against out-of-memory errors in applications is to add some swap space.…

4 years ago

Install Docker-Compose on Ubuntu 20.04 or 20.10

Docker Compose is a tool that allows you to run multi-container application environments based on…

4 years ago

Shopware 6 – Local installation in Ubuntu 20.04 or 20.10

After the creation of development environment your setup fulfills the Shopware 6 requirements. If you…

4 years ago

Shopware 6 – Docker installation in Ubuntu 20.04 or 20.10

After the creation of development environment your setup fulfills the Shopware 6 requirements. If you…

4 years ago

Shopware 6 – Installing System Requirements in Ubuntu 20.04 or 20.10

To create a development environment in fresh install of Linux - Ubuntu 20.04 (Focal Fossa)…

4 years ago