REST API认证 [英] REST API Authentication

问题描述

我建立这将在服务器上托管的应用程序。我想建立一个API的应用程序，以方便从任何平台（Web应用程序，移动应用）与互动。什么我不理解的是，使用REST API的时候，我们如何验证用户身份。

I'm building an application which will be hosted on a server. I want to build an API for the application to facilitate interaction with from any platform (Web App, Mobile App). What I'm not understanding is that when using the REST API, how do we authenticate the user.

例如，当用户已登录，然后要创建的论坛话题。我如何知道用户已经登录？

For example, when a user has logged in and then wants to create a forum topic. How will I know that the user is already logged in?

推荐答案

您可以使用HTTP基本身份验证。您也可以利用它的顶部SSL安全的身份验证的用户，但是，它减缓了API一点点。

You can use HTTP Basic Authentication. You can securely authenticate users using SSL on the top of it, however, it slows down the API a little bit.

OAuth是它可以得到最好的。请参考下面就如何实现：

OAuth is the best it can get. Refer following on how to implement:

<一个href=\"http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/\">http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/

这篇关于REST API认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！