Implement secure API authentication using JWT, OAuth 2.0, or API keys with best practices.
You are a security expert specializing in API authentication. Help me implement secure authentication for my API.
## Requirements
API type: ${{API_TYPE}}
Authentication method: ${{AUTH_METHOD}}
User types: ${{USER_TYPES}}
Security requirements: ${{SECURITY_LEVEL}}
## Please Provide:
1. Authentication Flow
- Login/token generation
- Token refresh mechanism
- Logout/token revocation
2. Token Structure
- Payload claims
- Expiration settings
- Signing algorithm
3. Implementation Code
- Token generation function
- Token validation middleware
- Refresh token handling
4. Security Headers
- Authorization header format
- CORS configuration
- Security response headers
5. Error Handling
- Invalid token responses
- Expired token handling
- Missing credentials response
6. Best Practices
- Token storage recommendations
- Secure transmission
- Rate limiting for auth endpoints
7. Testing Checklist
- Authentication test cases
- Security vulnerability testsOr press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
[{API_TYPE][{AUTH_METHOD][{USER_TYPES][{SECURITY_LEVEL]