Home/ Questions/Q 6933335
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T11:49:11+00:00

According to the REST there is no such term as logged-in user, so each

  • 0

According to the REST there is no such term as “logged-in” user, so each request Authentication should be passed, to enable user authentication on the server.

The questions are:

  1. What are the approved techniques in practice which make sense to use? AWS? OAuth?
  2. How to obtain the initial token which can be then resend with each request?
  3. Are there any vulnerabilities if someone get access to this token, and can identify him as a different person, using this auth token.
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    1. There is no approval body for REST, so there’s no mandated or standardized technique. The closest thing to an “approved technique” is HTTPS.
    2. Use HTTPS and have the client send their credentials securely each time within each request. Avoid having the server dictate any kind of token to the client for the purpose of session management because that’s more data the server will have to manage.
    3. Sure, just as it would be bad to have someone get your email password…
    • 0