Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
My app is running on domain example.com, but I fetch some data from domain api.example.com.
Example:
Question:
I would like to know, which security should I use to verify user? oAuth? Or should I send user’s password over POST? Thank you.
if your api.example.com is meant to be use by other sites, you should have an authentication system on api.example.com (http basic+ssl, http digest, oauth, etc.) which is used by example.com.
example.com should then not manage user (creation, authentication, etc), only relay to api.example (maybe using session to store api.example.com user credentials).
but example.com should manage user preferences if those preferences refer only to example.com