I have found quite a few questions on this topic on SO, but couldn't find any answering this question:
Should I validate users with their username and password, or with
One good method is to have a login method, taking the username and password (hopefully over TLS). You give them an expiring token if they successfully auth; the rest of their API calls must contain this token to succeed.
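The login-then-token flow described in this answer, sketched as an added example (not code from the original post). The token format (HMAC-signed `username|expiry`), the PBKDF2 password hashing, the 900-second lifetime and all function names are assumptions made for illustration; TLS is handled outside this code.

```python
import base64, hashlib, hmac, os, time

SECRET = os.urandom(32)   # server-side signing key (assumed: kept in memory for the demo)
TOKEN_TTL = 900           # token lifetime in seconds (assumed value)

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample user store: username -> (salt, password hash)
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_pw("correct horse", _SALT))}

def _sign(payload):
    return base64.urlsafe_b64encode(hmac.new(SECRET, payload, hashlib.sha256).digest())

def login(username, password, now=None):
    """Check credentials; return an expiring signed token, or None on failure."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    # Hash even for unknown users so both failure paths do similar work.
    if not hmac.compare_digest(_hash_pw(password, salt), stored):
        return None
    payload = f"{username}|{int(now) + TOKEN_TTL}".encode()
    return (base64.urlsafe_b64encode(payload) + b"." + _sign(payload)).decode()

def verify_token(token, now=None):
    """Return the username if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body.encode())
        if not hmac.compare_digest(sig.encode(), _sign(payload)):
            return None
        username, expires = payload.decode().rsplit("|", 1)
        return username if int(expires) > now else None
    except (ValueError, AttributeError):
        return None

def api_call(token, now=None):
    """Every non-login endpoint rejects requests without a valid token."""
    user = verify_token(token, now)
    return (200, f"hello {user}") if user else (401, "invalid or expired token")
```

The signature is checked before the payload is parsed, so a client cannot extend the expiry or swap the username without the server's key.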