Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Should I pass Credentials via HTTP Header or Post body as JSON to REST Api?

Tags:

rest

security

authentication

basic-authentication

I am trying to create a Rest Api using a token based Authentication.

Is there any best practice in passing credentials from client to server for generating the token. As a HTTP Header or as a JSON String in post body?

I have been searching around but was not able to find any concrete answers.

like image 997
tpuli Avatar asked Aug 22 '16 09:08

tpuli

1 Answers

Don't try to reinvent the wheel. For a good starting point look here: best-practices-for-securing-a-rest-api-web-service

For my API implementation and my needs, I choose a simple BasicAuth (send credentials with the header) and any other tokens, and security related data I added to the JSON payload with each request. Dont forget to set SSL as mandatory.

like image 129
ThorstenC Avatar answered Sep 21 '22 19:09

ThorstenC
Sign in to Comment

Related questions

Pass String Parameters to WP REST API
Capture Response Payload in JAX-RS filter
SpringBoot @RestController, Ambiguous mapping found
Response for preflight has invalid HTTP status code 405
Retrofit with an old school service
How to write a django-rest-framework serializer / field to merge data from generic relations?
Keycloak social login rest api
Akka for REST polling
Rails API: Authenticate users from native mobile apps using username/password or facebook token
How to annotate JAX-RS on an interface while using Jersey
Spring OAUTH - different login for web e REST
Flutter with REST backend Springboot
ASP.NET Web API: OAuth service provider
Should input DTOs for RESTful endpoints match the output DTOs?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!