Securing RESTapi in flask

Question

The app I\'m deving uses a lot of ajax calls. Unfortunately I hit a snag when researching on how to restrict access to the api. For example:

• i have table that does

Answer 1

The thousand-foot view is you need to authenticate the user either with:

A) HTTP-Auth (either basic or digest) on each request.

B) Server-side sessions. (The user authenticates and receives a session key - their user information is stored in the session backend on the server, attached to that key Once they have a session they can make requests passing their session key back to you (either in the URL or in a cookie) and the information they have access to is returned to them.)

Flask has a pair of useful extensions that deal with a large part of this sort of thing - check out Flask-Login and Flask-Principal to see examples of how authorization can be added to a Flask application.