Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am developing several RESTful API for 3rd party to call, and these API need authentication (apikey & secret based), and authorization (HTTP method & URI based).
Are there any existing software we can reuse that prevent me from rolling out our own implementation for the security layer?
HTTP gives you granted support for that, so you don’t need to reinvent the wheel
Either use:
Auth Digest has advantage, that it does not transmit the passowrd in cleartext and handles replay attacks (with nonces).
We use HTTP Auth Digest (Tomcat servlet container has direct support for it) and we are content with it.
EDIT: Some clients have problems with Digest (not so trivial), so these days I would opt for Basic and SSL. Advantage for Basic is also that you can you preemptive authentication (sending user:pwd in first request).