I’m working on a RESTful API for an iOS app and I’m having trouble with security.
I have many questions, so I’m posting them here to get answers from pros.
So, the first question is about login. I’m going to use RestKit to authenticate my users, but once a user is logged in, how can I check whether the user is authorized to get a resource from REST?
Must I use a token or something?
Create a session when the user logs in?
Check at every request whether the user is logged in and has authorization to read/edit resources?
I don’t know if my question is stupid or if I’m missing something about RESTful API use, but if someone can help me 🙂
The information about authorization can be found in this question. When RestKit connects to the server, the tokens received in the header of the server’s response are saved in a cache.
So if you reconnect or use GET/POST with the same object manager (and the session is still valid), there is no need to reauthorize – but if it’s needed, RestKit will do it for you.
You can handle the cache by setting the requestCache of the object manager.