How can you apply security to RESTful services?


There are two basic approaches here. The first is HTTP Basic authentication. The user is prompted for credentials just once; the client software then Base64-encodes "username:password" and includes it in every following HTTP request to the server in the "Authorization" header ("Authorization: Basic ..."). Base64 is an encoding, not encryption, so this is only acceptable over TLS, and the password itself travels with every request.

The second alternative is to create a dedicated login service that accepts the credentials once and returns a token, which the client then presents on each following request. The token should be carried in the "Authorization" header (e.g. "Authorization: Bearer ABC") rather than as a URL argument such as "&authenticationtoken=ABC": query strings end up in server and proxy logs, browser history and Referer headers, where the token leaks. The main advantage of this approach is that tokens can be issued with an expiry time (and, depending on the design, revoked server-side), so a captured token has a limited lifetime and the password is never sent again after login.
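Both approaches side by side, as an added worked example in Python that is not part of the original answer. It assumes a constructed credential store with a single user ("alice") and uses an HMAC-signed, time-limited token as the login service's token format; those are illustrative choices of mine, not the only valid ones.

```python
import base64
import binascii
import hashlib
import hmac
import secrets
import time

# Constructed demo credential store (assumption, not any real service):
# username -> PBKDF2-HMAC-SHA256 digest. Plaintext passwords are never stored.
_SALT = b"demo-salt"
_ITERATIONS = 100_000
USERS = {
    "alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, _ITERATIONS),
}


def verify_password(username, password):
    stored = USERS.get(username)
    if stored is None:
        # Hash anyway so unknown users take as long as wrong passwords.
        hashlib.pbkdf2_hmac("sha256", b"", _SALT, _ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
    return hmac.compare_digest(stored, candidate)  # constant-time comparison


# --- Approach 1: HTTP Basic --------------------------------------------------

def basic_header(username, password):
    """Client side: build 'Authorization: Basic base64(user:pass)'."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def authenticate_basic(authorization_header):
    """Server side: return the username, or None if the header is invalid.
    Base64 is reversible, so this only protects credentials over TLS."""
    if authorization_header is None:
        return None
    scheme, _, encoded = authorization_header.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username if verify_password(username, password) else None


# --- Approach 2: login service issuing an expiring bearer token --------------

TOKEN_KEY = secrets.token_bytes(32)  # server-side signing key (per process here)
TOKEN_TTL = 900                      # token lifetime in seconds


def issue_token(username, password, now=None):
    """Login endpoint: credentials in once, expiring token out (None on failure).
    Token = base64url(username:expiry) + "." + hex(HMAC-SHA256 over that payload)."""
    if not verify_password(username, password):
        return None
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    payload = f"{username}:{expires}".encode()
    tag = hmac.new(TOKEN_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag.hex()


def authenticate_bearer(authorization_header, now=None):
    """Per-request check of 'Authorization: Bearer <token>'.
    Rejects malformed, tampered and expired tokens; returns the username."""
    if authorization_header is None:
        return None
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    payload_b64, sep, tag_hex = token.partition(".")
    if not sep:
        return None
    try:
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = bytes.fromhex(tag_hex)
    except (binascii.Error, ValueError):
        return None
    expected = hmac.new(TOKEN_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # forged or tampered token
    username, _, expires = payload.decode().rpartition(":")
    if int(expires) <= (now if now is not None else time.time()):
        return None  # expired: the client must log in again
    return username


if __name__ == "__main__":
    print(authenticate_basic(basic_header("alice", "correct horse")))  # alice
    tok = issue_token("alice", "correct horse")
    print(authenticate_bearer("Bearer " + tok))                        # alice
    print(authenticate_bearer("Bearer " + tok, now=time.time() + 3600))  # None
```

The Basic path re-verifies the password on every request, while the bearer path verifies the password once and afterwards only checks an HMAC and an expiry, which is both cheaper and limits how long a captured credential is useful.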

