Authentication

API Aggregator supports several authentication schemes, including API keys, OAuth2, and OpenID Connect. Configure each API inapi-config.json with the appropriate credentials and the aggregator will handle token acquisition and refresh.

OIDC Example (IdentityServer)

Our documentation often references an IdentityServer instance hosted athttps://auth.apiaggregator.net. Use the following configuration snippet:

{
  "apis": {
    "health-api": {
      "baseUrl": "https://api.healthservice.com/v1",
      "auth": {
        "type": "oidc",
        "issuer": "https://auth.apiaggregator.net",
        "clientId": "YOUR_CLIENT_ID",
        "clientSecret": "YOUR_CLIENT_SECRET",
        "scopes": ["openid", "profile", "api"],
        "redirectUri": "https://yourapp.com/callback"
      }
    }
  }
}

After initializing APIAggregator, you can callagg.login('health-api') to start the flow or useagg.getAccessToken('health-api') programmatically. The library will cache and refresh tokens as needed.

Other Schemes

• API Key: include under auth with type ofapiKey.
• Basic/Digest: supported via headers configuration.