Authentication overview
Times Adder provides secure access to its time series aggregation, anomaly detection, and forecasting APIs through industry-standard authentication mechanisms. Developers can choose between API Keys for straightforward server-side integrations and OAuth 2.0 for more complex scenarios involving user delegation or client-side applications. Proper authentication is critical for protecting data accessed through the Times Adder API and for ensuring compliance with security standards.
The choice of authentication method depends on the application's architecture and security requirements. API Keys offer simplicity and are suitable for backend services, while OAuth 2.0 provides a robust framework for delegated authorization, often preferred for public clients or when user consent is necessary. Both methods are designed to integrate seamlessly with Times Adder's SDKs and direct HTTP requests.
Supported authentication methods
Times Adder supports two primary authentication methods:
- API Keys: A simple token-based authentication mechanism.
- OAuth 2.0: An authorization framework for delegated access.
API Keys
API Keys are unique, secret tokens assigned to a developer account. They are used to authenticate requests by including them in the Authorization header of HTTP requests as a Bearer token. This method is ideal for server-to-server communication, backend services, and applications where the API key can be securely stored and managed. API Keys provide direct access to the resources associated with the generating account.
OAuth 2.0
Times Adder implements OAuth 2.0, an authorization framework that allows third-party applications to obtain limited access to a user's resources without exposing their credentials. This is particularly useful for:
- Client-side applications: Such as mobile apps or single-page applications where storing API keys securely is challenging.
- Delegated access: When an application needs to act on behalf of a user, with the user's explicit consent.
- Third-party integrations: Enabling other services to interact with Times Adder data securely.
Times Adder supports common OAuth 2.0 flows, including the Authorization Code Grant for web applications and the Client Credentials Grant for server-to-server applications where no user interaction is involved. The OAuth 2.0 framework itself is defined in IETF RFC 6749, which is the reference for a comprehensive understanding of its principles.
Comparison of Authentication Methods
The following table summarizes the key characteristics of Times Adder's supported authentication methods:
| Method | When to Use | Security Level | Credential Type |
|---|---|---|---|
| API Key | Server-to-server, backend services, internal tools | Medium (requires secure storage) | Single secret string |
| OAuth 2.0 (Authorization Code) | Web applications, mobile apps, delegated user access | High (token-based, user consent) | Client ID, Client Secret, Authorization Code, Access Token, Refresh Token |
| OAuth 2.0 (Client Credentials) | Server-to-server, machine-to-machine, no user context | High (token-based, client identity) | Client ID, Client Secret, Access Token |
Getting your credentials
To authenticate with Times Adder, you must first obtain the necessary credentials from your developer account. The process varies slightly depending on whether you are using API Keys or OAuth 2.0.
For API Keys
- Log in to the Developer Dashboard: Access your Times Adder developer account at docs.timesadder.com.
- Navigate to API Keys Section: Locate the 'API Keys' or 'Credentials' section within the dashboard.
- Generate New Key: Click on the option to generate a new API key. You may be prompted to provide a name or description for the key to help with organization.
- Copy and Store Securely: Once generated, your API key will be displayed. It is crucial to copy this key immediately and store it in a secure location. For security reasons, Times Adder typically displays the full key only once.
For OAuth 2.0
Obtaining OAuth 2.0 credentials involves registering your application with Times Adder:
- Register Your Application: In the Developer Dashboard, navigate to the 'Applications' or 'OAuth Clients' section.
- Create New Application: Provide details for your application, including its name, description, and crucially, the Redirect URI(s) (also known as Callback URLs). These URIs are where Times Adder will redirect the user after they authorize your application. Ensure these are accurately configured to prevent security vulnerabilities.
- Receive Client ID and Client Secret: Upon successful registration, Times Adder will issue a Client ID and a Client Secret. The Client ID is public and identifies your application, while the Client Secret is confidential and must be kept secure.
- Configure OAuth Flow: Implement the chosen OAuth 2.0 flow (e.g., Authorization Code Grant) in your application, using the Client ID, Client Secret, and Redirect URI to initiate the authorization process and exchange authorization codes for access tokens.
Authenticated request example
This example demonstrates how to make an authenticated request to the Times Adder API using an API Key in Python. Similar patterns apply when using OAuth 2.0 access tokens, replacing the API key with the obtained bearer token.
Using an API Key (Python SDK)
First, ensure you have the Times Adder Python SDK installed:
```bash
pip install timesadder-sdk
```
Then, you can make an authenticated request:
```python
import os

from timesadder_sdk import TimesAdderClient
from timesadder_sdk.exceptions import TimesAdderAPIException

# Retrieve your API Key from environment variables for security
# NEVER hardcode API keys directly in your code
API_KEY = os.environ.get("TIMESADDER_API_KEY")
if not API_KEY:
    raise ValueError("TIMESADDER_API_KEY environment variable not set.")

client = TimesAdderClient(api_key=API_KEY)

try:
    # Example: Fetch aggregated data for a specific time series
    response = client.time_series.aggregate(
        series_id="your-series-id-123",
        start_time="2023-01-01T00:00:00Z",
        end_time="2023-01-01T23:59:59Z",
        interval="1h",
        aggregation_type="sum"
    )
    print("Successfully fetched aggregated data:")
    for data_point in response.data:
        print(f"  Timestamp: {data_point.timestamp}, Value: {data_point.value}")
except TimesAdderAPIException as e:
    print(f"API Error: {e.status_code} - {e.message}")
except Exception as e:
    print(f"An unexpected error occurred: {e}")
```
Using an API Key (cURL)
For direct HTTP requests, include the API Key in the Authorization header:
```bash
curl -X GET \
  'https://api.timesadder.com/v1/time_series/aggregate?series_id=your-series-id-123&start_time=2023-01-01T00:00:00Z&end_time=2023-01-01T23:59:59Z&interval=1h&aggregation_type=sum' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json'
```
Security best practices
Adhering to security best practices is essential when integrating with Times Adder to protect your data and maintain the integrity of your applications.
- Never hardcode credentials: API Keys and Client Secrets should never be directly embedded in your application's source code. Instead, use environment variables, secure configuration files, or secret management services (e.g., AWS Secrets Manager, Google Secret Manager, Azure Key Vault).
- Use HTTPS for all communications: All interactions with the Times Adder API occur over HTTPS, ensuring that data transmitted between your application and the API is encrypted in transit. Verify that your client libraries and HTTP clients are configured to enforce HTTPS.
- Rotate API Keys regularly: Periodically rotate your API Keys. If a key is compromised, rotating it minimizes the window of exposure. Times Adder's developer dashboard provides functionality for key rotation.
- Implement the Principle of Least Privilege: Generate API Keys or configure OAuth clients with only the minimum necessary permissions required for your application's functionality. Avoid granting broad access if only specific endpoints are needed.
- Monitor API usage: Regularly review your API usage logs in the Times Adder dashboard for any unusual activity that might indicate unauthorized access or compromise.
- Secure Redirect URIs for OAuth 2.0: For OAuth 2.0 applications, ensure that your Redirect URIs are specific and secure. Avoid using wildcard redirects and always use HTTPS.
- Validate and sanitize inputs: Always validate and sanitize any user-supplied input before using it in API requests to prevent injection attacks and other vulnerabilities.
- Handle errors gracefully: Implement robust error handling in your application to manage API errors and exceptions. Avoid exposing sensitive information in error messages to end-users.
- Keep SDKs and libraries updated: Regularly update the Times Adder SDKs and any third-party libraries used in your application to benefit from the latest security patches and features.
- Review audit logs: Times Adder maintains audit logs of API access. Regularly review these logs for unusual patterns or unauthorized access attempts as part of your security monitoring.
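One way to keep bearer credentials out of application logs and error output, in line with the points above on hardcoded credentials and error handling. This is an added example, not part of the Times Adder SDK; the logger name and the sample token are constructed for illustration.

```python
import logging
import re

# Matches the credential in "Bearer <token>", the form sent in the Authorization header.
_BEARER = re.compile(r"(?i)\b(bearer)\s+[A-Za-z0-9._~+/=-]+")


def redact(text):
    """Replace any bearer credential in text with a fixed marker."""
    return _BEARER.sub(r"\1 [REDACTED]", text)


class RedactSecrets(logging.Filter):
    """Logging filter that scrubs bearer tokens from the formatted message."""

    def filter(self, record):
        record.msg = redact(record.getMessage())  # format first, then scrub
        record.args = None  # the message is already fully formatted
        return True


def demo():
    """Log a constructed failing request and return what reached the handler."""
    captured = []

    class ListHandler(logging.Handler):
        def emit(self, record):
            captured.append(record.getMessage())

    log = logging.getLogger("timesadder.demo")  # hypothetical logger name
    log.propagate = False
    log.setLevel(logging.INFO)
    handler = ListHandler()
    handler.addFilter(RedactSecrets())
    log.addHandler(handler)
    try:
        # Constructed sample: request headers dumped into an error message.
        log.error("request failed: %s", {"Authorization": "Bearer ta_live_CONSTRUCTED123"})
    finally:
        log.removeHandler(handler)
    return captured
```

Attach the filter to every handler that writes to disk or to a log shipper. It scrubs the message text only, so tracebacks that embed header values need the same treatment in the formatter.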