API
Lexxtor, 2017-02-22 02:51:46

How do I make normal authorization in an API?

There is a REST API, and it needs authentication. I am thinking of doing it like this:
The user sends a login and password, and is given a token.
After that, he sends this token with each request to the API.
It seems like it's bad to pass it in a GET parameter, since it will be saved in the logs. Are there any other cons?
What is the essence of the HTTP Bearer token?
It looks like this:
Authorization: Bearer 12312313212313
Sometimes, instead of "12312313212313", a long string is transmitted, in which, as I understand it, the user's role and all sorts of parameters are encrypted. That is, theoretically, a hacker can decrypt the token, change the role and encrypt it back. Is that so?
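Added example, not part of the original question: a sketch of how a server can issue and check the "long string" kind of bearer token, assuming it is a signed token in the JWT HS256 style (payload base64url-encoded and readable by anyone, integrity protected by an HMAC over a server-side key). The key, claim names and helper names are assumptions made for the demonstration; expiry checks are left out to keep it short.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: known only to the server

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _dump(obj: dict) -> str:
    return _b64(json.dumps(obj, separators=(",", ":")).encode())

def _sign(signing_input: str, key: bytes) -> str:
    return _b64(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def issue_token(claims: dict, key: bytes = SECRET) -> str:
    signing_input = _dump({"alg": "HS256", "typ": "JWT"}) + "." + _dump(claims)
    return signing_input + "." + _sign(signing_input, key)

def verify_token(token: str, key: bytes = SECRET):
    """Return the claims if the signature is valid, otherwise None."""
    try:
        header, payload, signature = token.split(".")
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(signature, _sign(header + "." + payload, key)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        return json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None  # malformed token

def read_without_key(token: str) -> dict:
    # The payload is only encoded, so any holder of the token can read it.
    return json.loads(_unb64(token.split(".")[1]))

def swap_role(token: str, role: str) -> str:
    # Simulates a client editing the payload while keeping the old signature.
    header, payload, signature = token.split(".")
    claims = dict(json.loads(_unb64(payload)), role=role)
    return header + "." + _dump(claims) + "." + signature

def parse_authorization(header_value: str, key: bytes = SECRET):
    # Handles "Authorization: Bearer <token>"; any other scheme is rejected.
    scheme, _, token = header_value.partition(" ")
    return verify_token(token, key) if scheme.lower() == "bearer" else None
```

Under these assumptions the claims can be read without the key, but a token whose role was edited no longer matches its signature and `verify_token` returns `None`.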
