I am trying to create a REST API using token-based authentication.
Is there any best practice for passing credentials from client to server for generating the token? As an HTTP header or as a JSON string in the POST body?
I have been searching around but was not able to find any concrete answers.
Don't try to reinvent the wheel. For a good starting point look here: best-practices-for-securing-a-rest-api-web-service
For my API implementation and my needs, I chose a simple BasicAuth (send credentials with the header), and any other tokens and security-related data I added to the JSON payload with each request. Don't forget to set SSL as mandatory.
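A sketch of the token endpoint this answer describes, as an added example that is not code from the original post: credentials arrive in a Basic `Authorization` header, plain HTTP is refused, and a signed, expiring token goes back in the JSON body. All names, the demo user, and the `is_tls` flag (standing in for however your server knows the connection is TLS) are assumptions.

```python
import base64, binascii, hashlib, hmac, json, secrets, time

# Constructed demo values (assumptions, not from the original post).
SIGNING_KEY = secrets.token_bytes(32)
SALT = b"demo-salt"

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _kdf("correct horse")}  # store derived keys, never plaintext

def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = text.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None

def issue_token(headers, is_tls, ttl=900, now=None):
    """Token endpoint logic; returns (http_status, json_body)."""
    if not is_tls:  # credentials in a header are only base64, so refuse plain HTTP
        return 403, {"error": "tls_required"}
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        return 401, {"error": "basic_auth_required"}
    user, password = creds
    # Always run the KDF and compare in constant time, even for unknown users.
    if not hmac.compare_digest(USERS.get(user, b"\0" * 32), _kdf(password)):
        return 401, {"error": "invalid_credentials"}
    payload = json.dumps({"sub": user, "exp": int(now or time.time()) + ttl}).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    enc = lambda b: base64.urlsafe_b64encode(b).decode()
    return 200, {"token": enc(payload) + "." + enc(sig)}

def verify_token(token, now=None):
    """Return the subject if the token is authentic and unexpired, else None."""
    try:
        payload, sig = (base64.urlsafe_b64decode(p) for p in token.split("."))
    except ValueError:  # wrong part count or bad base64
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    return claims["sub"] if claims["exp"] > (now or time.time()) else None
```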