Menu
On every call to my REST API, I require clients to pass user's facebook access token, which authenticates the user. What's best practice for passing this token?
maybe as a parameter behind the HTTP question mark
GET /api/users/123/profile?access_token=pq8pgHWX95bLZCML or somehow in the header of the request, similarly to HTTP basic authentication
GET calls as well, so JSON wouldn't fit there I think)
736
You can learn more about obtaining a user access token by implementing Facebook Login for Android. You can retrieve the user access token by inspecting Session. getCurrentAccessToken .
Web OAuth Login settings enables any OAuth client token flows that use the Facebook web login dialog to return tokens to your own website. This setting is in the Products > Facebook Login > Settings section of the App Dashboard.
If you look at the API endpoints provided by all popular OAuth providers (Google, Facebook, Pocket, Git etc), you'd see that they all have HTTPS endpoints.
The ways in which you can pass an access token to the provider are -
i) As Query Parameter -
https://yourwebsite.com/api/endpoint?access_token=YOUR_ACCESS_TOKEN
ii) In the request header -
GET /api/users/123/profile HTTP/1.1 Host: yourwebsite.com Date: Tue, 14 May 2013 12:00:00 GMT Authorization: <YOUR_ACCESS_TOKEN> These two are approaches that are generally supported by most APIs. You can think of doing the same.
iii) Pocket API does not use GET at all. They use POST for all their requests, even for retrieving data. Check this link to see their documentation. Notice that they use POST for retrieving data and pass JSON parameters.
124
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
