Basic HTTP and Bearer Token Authentication

Question

I am currently developing a REST-API which is HTTP-Basic protected for the development environment. As the real authentication is done via a token, I\'m still trying to figu

Answer 1

There is another solution for testing APIs on development server.

• Set HTTP Basic Authentication only for web routes
• Leave all API routes free from authentication

Web server configuration for nginx and Laravel would be like this:

    location /api {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location / {
        try_files $uri $uri/ /index.php?$query_string;

        auth_basic "Enter password";
        auth_basic_user_file /path/to/.htpasswd;
    }

Authorization: Bearer will do the job of defending the development server against web crawlers and other unwanted visitors.