How to implement the API correctly?
Good day. Please explain the logic of how to correctly implement authorization and interaction through the API. The initial data is as follows: 1) there is an authorization server where user data is stored; 2) there is a service server that provides certain services and must use authorization from the authorization server; moreover, this service must know a minimum of information about authorization in order to avoid abuse; 3) there is a client: a browser or an application. The question is as follows: what is the correct way to build the authorization logic, step by step?
If I understand everything correctly.
1. Make a request from the client to the authorization server
2. In case of successful authorization, make requests from the authorization server to the service server.
3. On the service server, we check the correctness of the request and through the authorization service we transfer data from the service server to the client))
Well, or you can get confused with JWT and, after authorization, send it to the client, and send it from the client to the service server along with the request, and have the service server send this token for verification to the authorization service and, if it is valid, send data from the service to the client.
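
The token flow from the answer above, sketched as an added example that is not part of the original answer. It assumes an HS256-signed JWT, a hypothetical `aud` claim naming the target service, and an in-process call standing in for the network request from the service server to the authorization server; the class and method names are illustrative.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class AuthServer:
    """Owns the user store and the signing key; neither leaves this class."""
    HEADER = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())

    def __init__(self, key: bytes):
        self._key = key

    def _sign(self, signing_input: str) -> str:
        return _b64(hmac.new(self._key, signing_input.encode(), hashlib.sha256).digest())

    def issue(self, sub: str, aud: str, now: float, ttl: int = 300) -> str:
        # Called only after the user has authenticated (that step is not shown).
        body = _b64(json.dumps({"sub": sub, "aud": aud, "exp": int(now) + ttl}).encode())
        signing_input = f"{self.HEADER}.{body}"
        return f"{signing_input}.{self._sign(signing_input)}"

    def introspect(self, token: str, aud: str, now: float) -> dict:
        """Called by the service server; returns only 'active' and the subject."""
        try:
            header, body, sig = token.split(".")
            # Header must match exactly, so the caller cannot swap "alg".
            if header != self.HEADER or not hmac.compare_digest(sig, self._sign(f"{header}.{body}")):
                return {"active": False}
            claims = json.loads(_unb64(body))
        except (ValueError, TypeError):
            return {"active": False}
        # Reject tokens issued for another service, and expired tokens.
        if claims.get("aud") != aud or claims.get("exp", 0) <= now:
            return {"active": False}
        return {"active": True, "sub": claims["sub"]}

class ServiceServer:
    """Has no key and no user data; it only asks the auth server about a token."""
    def __init__(self, name: str, auth: AuthServer):
        self.name, self._auth = name, auth

    def handle(self, bearer_token: str, now: float):
        result = self._auth.introspect(bearer_token, aud=self.name, now=now)
        if not result["active"]:
            return 401, "invalid token"
        return 200, f"data for {result['sub']}"
```

The service server learns only whether the token is active and who the subject is, which keeps its knowledge of authorization to the minimum the question asks for.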