发表新帖
发表新帖

RESTful API Authentication

前端 未结
关注
2 1681
南方客
南方客 2021-02-02 14:37

I have found quite a few questions on this topic on SO, but couldn\'t find any answering this question:

Should I validate users with their username and password, or with

相关标签:
2条回答
  • 难免孤独
    2021-02-02 14:52

    One good method is to have a login method, taking the username and password (hopefully over TLS). You give them an expiring token if they successfully auth; the rest of their API calls must contain this token to succeed.

    0 讨论(0)
  • 不思量自难忘°
    2021-02-02 15:15

    you can use HTTP Authentication over SSL and that's secure enough. However it makes consumption of API a bit difficult as it requires the client library to support SSL. SSL can affect the performance too if you're expecting too many calls simultaneously.

    API key option is just as insecure as HTTP Authentication without SSL. If you're not concerned with security then API Key is the easiest for consumers of the API.

    0 讨论(0)
 看不清?
提交回复
热议问题