Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Machine to machine REST authentication

Tags:

rest

authentication

If you have multiple RESTful web services running on different subdomains (accounts.site.com, training.site.com, etc) what is a good authentication mechanism when one service needs to consume another?

Human authentication is easy because they supply their login credentials and get back a JSON Web Token which is then sent with every request to authenticate them.

A machine having a username and password just seems odd so I was wondering what are some proven ways of solving this problem?

like image 408
ibanore Avatar asked Dec 14 '25 06:12

ibanore

1 Answers

It depends on... From the service perspective the other service is just a REST client, so let's stick with these terms.

  • If you want access different user accounts with your REST client, then you must register your client by the service and you will get an API key. The user can give privileges to that API key, so you can do things in the name of the service users if they allow it.
  • On the other hand if your client wants to access only its own account, then it is just a regular user of the service and it can have username and password just like the other users.
like image 123
inf3rno Avatar answered Dec 16 '25 00:12

inf3rno
Sign in to Comment

Related questions

Spring Boot - When I call API, its gives 404 error
How to get data from external API to Django Rest Framework
HTTP method to use when processing client data to produce output
How to apply filter to get specified data from data.gov.in api?
How do I make a PUT request from fetch to my go API?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!