Client REST API Authentication

I have seen many different posts about various RESTful API authentication solutions, and I have some questions regarding this current scenario.

I created a REST API that will allow my software clients (we are a B2B company) to access resources programmatically. Now that I'm working on the API correctly, I would like to provide it in the most standardized way. I need to allow access to certain resources based on the calling API. In other words, not all API users can access all resources.

I have URLS in the following formats:

https://mydomain/api/students
https://mydomain/api/students/s123
https://mydomain/api/students/s123/classes
https://mydomain/api/students/s123/classes/c456

So far I have come up with these possible solutions:

  • Provide a unique key to each client that they can use to ultimately create an encrypted token that will be passed as a GET parameter at the end of each REST call to (re)authenticate each individual request. This approach is too expensive.

    https://mydomain.com/api/students/s123?token=abc123

  • Specify a value in the HTTP Authorization header, as shown here. Is it almost the same as #1? (Also, I cannot paste the URL into the browser.) Do people use these headers more?

  • OAuth 2 ( ). OAuth 2 ? API REST, ? , OAuth - ( ), , , . / REST API?

- API, , API, , .

, .

+5
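To make options 1 and 2 from the question concrete, here is an added example (not code from the question or its answers) of a per-request signature carried in the Authorization header instead of a `?token=` query parameter, with a server-side check that also enforces which `/api/students/...` resources each client may read. The client registry, the `HMAC id=...,ts=...,sig=...` header layout and the 300-second clock-skew window are assumptions made for the example.

```python
import hmac, hashlib, time
from urllib.parse import urlsplit

# Constructed sample registry: each B2B client's shared secret and the
# resource prefixes it may read. A real service loads this from a secret
# store, never from source code.
CLIENTS = {
    "client-a": {"secret": b"constructed-secret-for-client-a",
                 "allowed": ["/api/students/s123"]},
    "client-b": {"secret": b"constructed-secret-for-client-b",
                 "allowed": ["/api/students"]},
}
MAX_SKEW = 300  # assumed: seconds a request timestamp may differ from server time

def canonical_string(method, url, timestamp):
    """Bind the signature to method, path, sorted query and time, so a
    captured signature cannot be replayed against another resource or later."""
    parts = urlsplit(url)
    query = "&".join(sorted(parts.query.split("&"))) if parts.query else ""
    return f"{method.upper()}\n{parts.path}\n{query}\n{timestamp}"

def sign_request(client_id, method, url, timestamp=None):
    """Client side: build the Authorization header value (assumed format)."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    msg = canonical_string(method, url, timestamp).encode()
    mac = hmac.new(CLIENTS[client_id]["secret"], msg, hashlib.sha256).hexdigest()
    return f"HMAC id={client_id},ts={timestamp},sig={mac}"

def check_request(method, url, auth_header, now=None):
    """Server side: (401, None) for bad identity/signature/timestamp,
    (403, client) for a valid client on a forbidden resource, else (200, client)."""
    now = int(time.time()) if now is None else now
    try:
        scheme, rest = auth_header.split(" ", 1)
        fields = dict(kv.split("=", 1) for kv in rest.split(","))
        client_id, ts, sig = fields["id"], int(fields["ts"]), fields["sig"]
    except (ValueError, KeyError):
        return 401, None
    client = CLIENTS.get(client_id)
    if scheme != "HMAC" or client is None or abs(now - ts) > MAX_SKEW:
        return 401, None
    msg = canonical_string(method, url, ts).encode()
    expected = hmac.new(client["secret"], msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return 401, None
    # Authorization: the path must equal, or sit under, an allowed prefix.
    path = urlsplit(url).path
    if not any(path == p or path.startswith(p + "/") for p in client["allowed"]):
        return 403, client_id
    return 200, client_id
```

Because the secret never leaves the client and the signature covers the path, a leaked server log shows only a short-lived, single-resource signature rather than a reusable credential, which is the weakness of the `?token=abc123` form.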
1

, , , API:

  • - . , , , HTTP- HTTP. , , - .

  • - - . API. , , , . , . , API , .

OAuth .

URL- . REST URL, , (, ). , URL ( , , ). . , ( ) , .

+1
