Authentication and web services
With Sitefinity CMS you can authroize HTTP requests to web services using OAuth2 access tokens or user Access Keys. With the Default authentication protocol, you can generate an Access Key that is stored and used to authenticate the requests as well as OAuth2 access tokens for users. With the OpenID authentication protocol in Sitefinity CMS, you can only generate OAuth2 access tokens.
You can also setup an integration with OAuth2.0 if you need to integrate a small number of applications. For larger or more advanced integrations, it's best to integrate Sitefinity CMS with external identity providers.
Integration with the Default protocol
For Sitefinity CMS projects that use the Default authentication protocol, administrators can generate access key that can be used to authenticate requests or use the OAuth2 Authorization Server. Access keys are used mainly for machine to machine communication (similar to the OAuth2 client credentials flow). For more information, see Generate access key.
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. For more information, see Configure Oauth 2.0
Integration with the OpenID protocol
For Sitefinity CMS projects that use the OpenID authentication protocol, you can use access tokens in HTTP requests to access protected resources such as Sitefinity Web API. For more information, see Request access token for calling web services.