Apparatus and method for API authentication using two API tokens

1. An application programming interface (API) authentication method using two API tokens, the API authentication method comprising:

• obtaining, at a user device, a general API token and information required for a one-time API token creation from a service providing apparatus, the general API token having an expiration time;
  
  checking, at the user device, whether or not the general API token has expired, andupon determining that the general API token has expired, obtaining a new general API token and new information required for the one-time API token creation from the service providing apparatus, andupon determining that the general API token has not expired,creating the one-time API token using the obtained information from the service providing apparatus, andsending an API request to the service providing apparatus with both the general API token and the created one-time API token; and
  
  in response to the API request from the user device, processing, at the service providing apparatus, the API request according to a result of authentication based on the general API token and the one-time API token, whereinthe processing of the API request comprises;
  
  receiving the API request that contains the first one-time API token and the general API token from the user device,identifying the user device with the general API token,extracting information required for one-time API token creation which is to be mapped to the identified user device in mapping information,generating a second one-time API token using the extracted information,checking whether the first one-time API token is identical to the second one-time API token, andprocessing the API request according to a result of the checking.