How can you apply security to RESTful services?

Solution

There are two basic approaches. The first is to use HTTP authentication. The user is prompted for credentials just once; the client software then computes the Base64 encoding of the credentials and includes it in each subsequent HTTP request to the server, using the "Authorization" HTTP header.

The second alternative is to create a dedicated login service that accepts credentials and returns a token. This token should then be included, as a URL argument, in each following request (e.g. by adding "&authenticationtoken=ABC" to the URL). The main advantage of this approach is that tokens can be created with an expiration date.
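
Both approaches side by side, as an added example that is not part of the original page. The HMAC-signed token format, the names `SECRET`, `USERS`, `login` and `authenticate`, and the 15-minute lifetime are assumptions made for illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import urlparse, parse_qs

SECRET = b"constructed-demo-key"   # constructed; keep the real key in a secret store
USERS = {"alice": "s3cret"}        # constructed; real services store password hashes

def basic_auth_header(user, password):
    """Approach 1: the header the client attaches to every request.
    Base64 is an encoding, not encryption, so this is only safe over TLS."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def login(user, password, now=None, ttl=900):
    """Approach 2: the login service returns an expiring token, or None."""
    stored = USERS.get(user)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    expires = int(time.time() if now is None else now) + ttl
    payload = f"{user}:{expires}"
    return base64.urlsafe_b64encode(f"{payload}:{_sign(payload)}".encode()).decode()

def authenticate(url, now=None):
    """Return the user for a URL carrying ?authenticationtoken=..., else None."""
    values = parse_qs(urlparse(url).query).get("authenticationtoken", [])
    if len(values) != 1:           # missing or duplicated parameter
        return None
    try:
        raw = base64.urlsafe_b64decode(values[0]).decode()
        user, expires, sig = raw.rsplit(":", 2)
        expires = int(expires)
    except ValueError:             # bad Base64, bad UTF-8, wrong field count
        return None
    # Check the signature before trusting any field, in constant time.
    if not hmac.compare_digest(sig.encode(), _sign(f"{user}:{expires}").encode()):
        return None
    now = time.time() if now is None else now
    return user if now < expires else None

if __name__ == "__main__":
    token = login("alice", "s3cret")
    print(authenticate(f"https://api.example.test/orders?page=1&authenticationtoken={token}"))
```

URL arguments are recorded in server access logs and browser history, which is one reason to keep the token lifetime short.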
