REST user authentication

OK... the basic idea is to have SERVER and CLIENT physically separated (two systems).

My idea is to build a stand-alone web service (REST, XML, API-KEY) that will provide

  1. Authentication: User login, logout
  2. Data: Get list of products

Then I will create clients in different languages (Flash, PHP, JavaScript). Data will be served only to authenticated users.

Typical communication for a user to get the list of products will be:

  1. (1 request) Login / start session
  2. (1 request) Get list of products
  3. (1 request) Get list of products
  4. ...

OK... Now the problem I have is the user session. Say we want to build a JavaScript client; we actually have to create a PHP client that will communicate with REST (PHP knows about the REST API-KEY) and will forward info to JavaScript (CLIENT), right? The user will log in through PHP to the REST server, right, and then request data through PHP to the REST server?

Questions:

  • Now how does PHP store info about opened user session on REST server?
  • If my idea is bad, what is the right way of implementation?
  • Alternatives?
xpepermint asked Sep 21 '09 09:09

1 Answer

A RESTful interface does not store any information about a particular user's session. It is the client's job to maintain the information about what it is doing.

Authenticate the user on every request by providing information in the Authorization HTTP header. If this becomes a performance problem, then look at alternative solutions to optimize perf.

Darrel Miller answered Sep 21 '22 06:09
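The stateless model the answer describes, as an added example that is not part of the original question or answer: the client (the PHP tier holding the API key) puts everything needed to authenticate into the Authorization header of each request, and the REST server re-verifies that header every time without storing any session. The HMAC-over-request scheme, the header format, the in-memory credential store and the `client-php-01` credential are constructed assumptions, not something the page specifies.

```python
import hmac
import hashlib
import time

# Constructed credential store (key id -> secret, user); in the question's
# design this is the REST server's user database, and the PHP tier holds the key.
CREDENTIALS = {
    "client-php-01": (b"constructed-secret-not-for-production", "alice"),
}
MAX_SKEW_SECONDS = 300  # reject signatures older than this

def canonical_string(method, path, timestamp, body):
    """Bind the signature to method, path, time and body so it cannot be reused."""
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method.upper()}\n{path}\n{timestamp}\n{body_hash}".encode()

def sign_request(key_id, secret, method, path, body=b"", timestamp=None):
    """Client side: build the Authorization header for one request."""
    ts = int(time.time()) if timestamp is None else timestamp
    mac = hmac.new(secret, canonical_string(method, path, ts, body), hashlib.sha256)
    return f'HMAC-SHA256 keyId="{key_id}", ts={ts}, sig={mac.hexdigest()}'

def parse_authorization(header):
    """Split 'HMAC-SHA256 keyId="...", ts=..., sig=...' into a dict."""
    scheme, _, params = header.partition(" ")
    if scheme != "HMAC-SHA256":
        return None
    fields = {}
    for part in params.split(","):
        key, _, value = part.strip().partition("=")
        fields[key] = value.strip('"')
    return fields

def authenticate(header, method, path, body=b"", now=None):
    """Server side: verify one request with no session store.
    Returns the user name on success, None on any failure."""
    fields = parse_authorization(header or "")
    if not fields or not all(k in fields for k in ("keyId", "ts", "sig")):
        return None
    cred = CREDENTIALS.get(fields["keyId"])
    if cred is None or not fields["ts"].isdigit():
        return None
    secret, user = cred
    ts = int(fields["ts"])
    if abs((int(time.time()) if now is None else now) - ts) > MAX_SKEW_SECONDS:
        return None  # stale or replayed request
    expected = hmac.new(secret, canonical_string(method, path, ts, body), hashlib.sha256)
    if not hmac.compare_digest(expected.hexdigest(), fields["sig"]):
        return None
    return user
```

Because the client regenerates the header for every call, the repeated "get list of products" requests each carry a fresh signature and the server never has to remember that a login happened.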