Developer Documentation
DAR Open Network

Security Best Practices

  1. Server-side Validation

    • Always validate redirect_uri server-side against a whitelist

    • Verify the state parameter matches the original request

  2. Authorization Flow

    • Use authorization code flow (response_type=code)

    • Avoid implicit flow (response_type=token)

    • Implement PKCE when possible

  3. Token Management

    • Store tokens securely

    • Refresh tokens before expiration

    • Validate scope parameters for each application

  4. Request Security

    • Use HTTPS for all API calls

    • Include proper headers and origins

    • Handle errors and token expiration gracefully
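
The checks in items 1 and 2, sketched in Python as an added example (not code from the DAR ID documentation): an exact-match redirect_uri allowlist, a single-use state value compared in constant time, and a PKCE S256 pair. Assumptions: the allowlisted URI is a constructed value, `session` stands for any server-side session store, the function names are hypothetical, and `code_challenge` / `code_challenge_method` are the standard RFC 7636 parameter names, which this page does not confirm the DAR ID endpoint accepts; client ID and scope are omitted.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: exact redirect URIs registered for this client (constructed value).
ALLOWED_REDIRECT_URIS = frozenset({
    "https://app.example.com/oauth/callback",
})


def is_allowed_redirect(redirect_uri: str) -> bool:
    """Exact string match only: no prefix, substring or wildcard matching."""
    return redirect_uri in ALLOWED_REDIRECT_URIS


def new_pkce_pair() -> tuple[str, str]:
    """Return (code_verifier, code_challenge) using the S256 method of RFC 7636."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, within the 43-128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def start_authorization(session: dict, redirect_uri: str) -> dict:
    """Build the query parameters for the authorization request."""
    if not is_allowed_redirect(redirect_uri):
        raise ValueError("redirect_uri is not registered")
    verifier, challenge = new_pkce_pair()
    session["oauth_state"] = secrets.token_urlsafe(32)
    session["pkce_verifier"] = verifier  # stays server-side until code exchange
    return {
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": session["oauth_state"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }


def handle_callback(session: dict, returned_state: str) -> str:
    """Check state once, then release the verifier for the token exchange."""
    expected = session.pop("oauth_state", None)  # single use
    got = (returned_state or "").encode()
    if not expected or not hmac.compare_digest(expected.encode(), got):
        session.pop("pkce_verifier", None)
        raise PermissionError("state mismatch")
    return session.pop("pkce_verifier")
```

The value returned by `handle_callback` is what the server would send as `code_verifier` when exchanging the code, if the provider supports PKCE.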


Last updated 4 months ago