What authentication methods does SHARE support?

SHARE primarily supports API keys for direct programmatic access and OAuth 2.0 for delegated authorization, allowing third-party applications to access user data securely.

How do I get an API key for SHARE?

You can generate an API key by logging into your SHARE account, navigating to the 'API Settings' or 'Developer Settings' in your user dashboard, and following the prompts to create a new key. Remember to store it securely.

Is OAuth 2.0 required for all API integrations?

No, OAuth 2.0 is generally used for client-side applications or integrations where user consent and delegated access are needed. For server-to-server communication or backend services, API keys are typically sufficient.

How should I secure my API keys and Client Secrets?

API keys and Client Secrets should be treated like passwords. Store them in environment variables or secure configuration management systems, not directly in code or public repositories. Always use HTTPS for API communication.

Can I limit the permissions of an API key?

Yes, depending on your SHARE plan and specific settings, you can often configure API keys with specific scopes or permissions to limit their access to only the resources and actions required by your application.

What happens if my API key is compromised?

If an API key is compromised, immediately revoke it from your SHARE dashboard and generate a new one. Implement least privilege principles to minimize potential damage from a compromised key.

SHARE Authentication: Methods, Credentials, & Security (2026)

SHARE authentication: Users authenticate with SHARE primarily through API keys for direct programmatic access and OAuth 2.0 for delegated authorization. These methods ensure secure access to shared data workspaces and collaboration features, supporting various integration patterns for developers and technical buyers. Credential management and security best practices are detailed in the official SHARE documentation.

Authentication overview

SHARE provides mechanisms for verifying the identity of users and applications attempting to access its platform and data. Proper authentication is critical for maintaining the security and integrity of shared datasets and collaborative environments. The platform supports standard authentication protocols designed to integrate with various development workflows and enterprise security policies. All communication with the SHARE API is secured via HTTPS to encrypt data in transit, protecting credentials and shared information from interception SHARE API reference security details.

Developers interacting with SHARE's API for programmatic data sharing and collaboration will primarily use API keys. For scenarios requiring delegated access or integration with third-party applications, SHARE implements the OAuth 2.0 framework. This standard protocol enables applications to obtain limited access to user accounts on an HTTP service, without giving away user credentials OAuth 2.0 specification. SHARE's approach to authentication is designed to balance ease of integration with robust security, ensuring that only authorized entities can interact with sensitive data.

Supported authentication methods

SHARE supports two primary authentication methods tailored for different use cases:

API Keys: These are unique, secret tokens used to authenticate requests made by an application or script directly to the SHARE API. API keys are suitable for server-to-server communication, backend services, or scripts that manage data without direct user interaction.
OAuth 2.0: This open standard provides a secure method for third-party applications to gain delegated access to a user's SHARE account. OAuth 2.0 is ideal for web and mobile applications where users grant permission for an application to act on their behalf without exposing their SHARE credentials to the application itself.

Comparison of authentication methods

Method	When to Use	Security Level
API Keys	Server-side applications, scripts, internal tools, direct API calls where a user context is not required.	High (when managed securely), requires careful handling to prevent exposure.
OAuth 2.0	Client-side applications (web/mobile), third-party integrations, scenarios requiring user consent and delegated access.	High (standardized, token-based, minimizes credential exposure), relies on proper implementation of flows.

Getting your credentials

To use SHARE's API, you will need to obtain the appropriate credentials. The process for generating and managing API keys and setting up OAuth 2.0 applications is managed through the SHARE user dashboard.

API Key generation

Log in to SHARE: Access your SHARE account through the official website SHARE homepage.
Navigate to API Settings: In the user dashboard, locate the "API Settings" or "Developer Settings" section. This is typically found under your profile or account management menu.
Generate New API Key: Follow the prompts to generate a new API key. You may be asked to provide a descriptive name for the key to help you manage multiple keys for different applications.
Copy and Store Securely: Once generated, the API key will be displayed. Copy it immediately and store it in a secure location. SHARE typically displays the key only once upon creation for security reasons. Treat your API key like a password; do not hardcode it directly into client-side code or public repositories.
Configure Permissions (Optional): Depending on your SHARE plan and specific requirements, you might be able to assign specific scopes or permissions to your API key, limiting its access to only necessary resources or actions. Consult the SHARE authentication documentation for details on key-specific permissions.

OAuth 2.0 application setup

Setting up an OAuth 2.0 application involves registering your application with SHARE and configuring redirect URIs and requested scopes.

Register Your Application: In the SHARE developer dashboard, find the "OAuth Applications" section and register a new application. You will need to provide details such as your application's name, description, and website URL.
Configure Redirect URIs: Specify one or more Redirect URIs (also known as Callback URLs). These are the URLs to which SHARE will redirect the user after they have authorized your application. These must be exact matches to protect against interception SHARE OAuth setup guide.
Obtain Client ID and Client Secret: Upon registration, SHARE will provide you with a Client ID and a Client Secret. The Client ID is publicly exposed, while the Client Secret must be kept confidential, similar to an API key.
Define Scopes: Determine the specific permissions (scopes) your application needs to access user data (e.g., read:data, write:data, manage:workspaces). These scopes are presented to the user during the authorization flow, allowing them to explicitly grant access.
Implement Authorization Flow: Integrate the OAuth 2.0 authorization code flow (or other suitable flow like Implicit or Client Credentials for specific scenarios) into your application. This typically involves redirecting the user to SHARE's authorization endpoint, handling the callback, and exchanging the authorization code for an access token.

Authenticated request example

Once you have obtained an API key, you can include it in your API requests. For SHARE, API keys are typically sent in the Authorization header using the Bearer scheme.

Python example with API Key

This example demonstrates how to make an authenticated request to a SHARE API endpoint using Python's requests library.

import requests
import os

SHARE_API_KEY = os.environ.get("SHARE_API_KEY")
SHARE_BASE_URL = "https://api.share.org/v1"

headers = {
    "Authorization": f"Bearer {SHARE_API_KEY}",
    "Content-Type": "application/json"
}

try:
    response = requests.get(f"{SHARE_BASE_URL}/workspaces", headers=headers)
    response.raise_for_status()  # Raise an exception for HTTP errors (4xx or 5xx)
    data = response.json()
    print("Successfully fetched workspaces:")
    for workspace in data.get("workspaces", []):
        print(f"- {workspace.get('name')} (ID: {workspace.get('id')})")
except requests.exceptions.RequestException as e:
    print(f"An error occurred: {e}")
    if response is not None:
        print(f"Response status code: {response.status_code}")
        print(f"Response body: {response.text}")

JavaScript example with API Key (Node.js)

This example uses fetch in a Node.js environment to make an authenticated request.

const SHARE_API_KEY = process.env.SHARE_API_KEY;
const SHARE_BASE_URL = "https://api.share.org/v1";

async function fetchWorkspaces() {
  try {
    const response = await fetch(`${SHARE_BASE_URL}/workspaces`, {
      method: 'GET',
      headers: {
        'Authorization': `Bearer ${SHARE_API_KEY}`,
        'Content-Type': 'application/json'
      }
    });

    if (!response.ok) {
      const errorText = await response.text();
      throw new Error(`HTTP error! status: ${response.status}, body: ${errorText}`);
    }

    const data = await response.json();
    console.log("Successfully fetched workspaces:");
    data.workspaces.forEach(workspace => {
      console.log(`- ${workspace.name} (ID: ${workspace.id})`);
    });
  } catch (error) {
    console.error(`An error occurred: ${error.message}`);
  }
}

fetchWorkspaces();

Security best practices

Adhering to security best practices for authentication is crucial to protect your data and maintain the integrity of your SHARE account.

Keep API Keys and Client Secrets Confidential: Never expose your API keys or OAuth Client Secrets in client-side code (e.g., browser JavaScript, mobile apps) or public version control repositories. Use environment variables or secure configuration management systems to store and retrieve them.
Use HTTPS Always: All communications with the SHARE API should occur over HTTPS to ensure that data, including authentication credentials, is encrypted in transit and protected from eavesdropping and tampering. SHARE enforces HTTPS for all API endpoints SHARE security documentation.
Implement Least Privilege: Limit the permissions of your API keys or OAuth tokens to only what is necessary for your application to function. If a key or token is compromised, the potential damage will be minimized. Regularly review and adjust permissions as needed.
Rotate Credentials Regularly: Periodically generate new API keys and invalidate old ones. For OAuth, implement token refresh mechanisms to obtain new access tokens without requiring users to re-authorize frequently Google's guide on refreshing access tokens.
Monitor API Usage: Keep an eye on your API usage patterns. Unusual spikes or requests from unexpected locations could indicate a compromised key or unauthorized access attempt. SHARE provides logging and monitoring tools within its dashboard.
Error Handling: Implement robust error handling for authentication failures. Avoid providing overly descriptive error messages that could reveal sensitive information to potential attackers. Generic messages like "Authentication failed" are preferred.
Protect Redirect URIs (for OAuth): Ensure that your OAuth Redirect URIs are carefully configured and only point to trusted, secure endpoints. Mismatched or malicious redirect URIs can lead to authorization code interception.
Secure Your Development Environment: Protect your local development environment and CI/CD pipelines where credentials might be used or stored. Use secure coding practices and minimize credential exposure during development and deployment.

SHARE Authentication: Methods, Credentials, & Security (2026)

Authentication overview

Supported authentication methods

Comparison of authentication methods

Getting your credentials

API Key generation

OAuth 2.0 application setup

Authenticated request example

Python example with API Key

JavaScript example with API Key (Node.js)

Security best practices

Frequently asked questions

Reviews

Discussion

Written by