Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
Lexxtor2017-02-22 02:51:46
API
Lexxtor, 2017-02-22 02:51:46

How to make normal authorization in API?

There is a REST API, you need to do authentication. I think like this:
The user sends a login and password, he is given a token .
Further, it sends this token with each request to the API.
It seems like it’s bad to pass it in the GET parameter, since it will be saved in the logs. No more cons?
What is the essence of HTTP Bearer token?
It looks like this:
Authorization: Bearer 12312313212313
Sometimes, instead of "12312313212313", a long string is transmitted, in which, as I understand it, the user's role and all sorts of parameters are encrypted. That is, theoretically, a hacker can decrypt the token, change the role and encrypt it back. Is it so?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
B
bychok3002017-06-07 15:32:49
I don't receive my name and address, why? 3Reply
Q
q2mber22017-03-28 01:54:25
How to get the Yandex Direct API report? 2Reply
M
may-cat2015-03-24 16:34:22
API testing and test data - how to be? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question