
Should I pass credentials via HTTP header or POST body as JSON to a REST API?

I am trying to create a REST API using token-based authentication.

Is there any best practice for passing credentials from client to server for generating the token: as an HTTP header or as a JSON string in the POST body?

I have been searching around but was not able to find any concrete answers.

asked Aug 22 '16 09:08

tpuli


1 Answer

Don't try to reinvent the wheel. For a good starting point look here: best-practices-for-securing-a-rest-api-web-service

For my API implementation and my needs, I chose a simple BasicAuth (send credentials with the header), and I added any other tokens and security-related data to the JSON payload with each request. Don't forget to set SSL as mandatory.

answered Sep 21 '22 19:09

ThorstenC
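
The approach in the answer (credentials in the `Authorization: Basic` header, TLS mandatory), sketched as an added example that is not part of the answer or of either poster's code. The user store, the function names and the `is_tls` flag are assumptions made for the illustration; a real service would take the TLS state from its server or proxy and keep hashes in a database.

```python
import base64, binascii, hashlib, hmac, secrets

# Constructed sample user store: username -> (salt, PBKDF2-SHA256 hash).
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000))}
TOKENS = {}  # opaque token -> username (in-memory, for the example only)


def parse_basic(header_value):
    """Return (username, password) from an Authorization header value, or None."""
    if not header_value:
        return None
    scheme, _, encoded = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first ':' only, because the password itself may contain ':'.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def check_password(username, password):
    # Unknown users are hashed against a dummy record so both paths cost one hash.
    salt, stored = USERS.get(username, (_SALT, b"\x00" * 32))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, stored) and username in USERS


def token_endpoint(headers, is_tls):
    """Handle a token request. Returns (status, response_headers, json_body)."""
    if not is_tls:
        # Basic credentials are only base64-encoded, so plain HTTP is refused.
        return 403, {}, {"error": "https_required"}
    creds = parse_basic(headers.get("Authorization"))
    if creds is None or not check_password(*creds):
        return 401, {"WWW-Authenticate": 'Basic realm="api"'}, {"error": "invalid_credentials"}
    token = secrets.token_urlsafe(32)
    TOKENS[token] = creds[0]
    return 200, {"Cache-Control": "no-store"}, {"token": token}
```
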