How to design a RESTful API to check for user's credentials?

Question

I\'m designing an API for a mobile app, and I hope to keep it RESTful.
API\'s are authorized using Basic HTTP Auth, however, When the user open the app for the first time, h

Answer 1

I agree with Carlos - in a normal restful API, there is no session so you can't authenticate once and then reuse the session, you would actually need to pass the credential set on every call (not ideal).

In this scenario it sounds like you would be better of using one of the openAuth (http://www.oAuth.net) - this works by authenticating when the app is first run and then generating an access token to allow access within every call (+a refresh token).

(you could argue that the access token is state - which it kind of is - however, at least it's generally significantly longer lived).