API
Klein Maximus, 2016-01-19 16:52:16

How to organize authorization in REST API?

Hello.
The approximate architecture is as follows:
1) REST API service
2) The site is public - everyone has access, there is a personal section with access only for a specific user
3) Admin panel - only admins have access, but their rights may be different
4) Mobile application - the functions of the personal section of the site.
I read "How best to organize access to a REST API" here, but my understanding did not improve.
Please advise how to carry out authorization in the API service correctly and uniformly (so that the process is the same on the site and in the applications).


3 answer(s)
Peter, 2016-01-19
@petermzg

1. Pass the login/password to site.com/login
2. Get the session ID
3. In all subsequent requests, add a header with the session ID to the HTTP request headers,
for example (authorization: ZGNkOTU3NGZiODkwZTI3OTY1ZmE4M2ExNDllYWQyMTg=)
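
The three steps above, together with the public / personal / admin split from the question, as a server-side sketch. This is an added example, not part of the answer; the accounts, permission names, in-memory stores and the plain `headers` dict are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _user(password, perms):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw": _pw_hash(password, salt), "perms": perms}

# Constructed accounts and permission names (assumptions, not from the page).
USERS = {"alice": _user("alice-pass", {"profile:read"}),
         "root": _user("root-pass", {"profile:read", "admin:users"})}
SESSIONS = {}       # sha256(session ID) -> (username, expiry timestamp)
SESSION_TTL = 3600  # seconds

def _key(session_id):
    return hashlib.sha256(session_id.encode()).hexdigest()

def login(username, password):
    """Steps 1-2: verify credentials, return a new opaque session ID or None."""
    user = USERS.get(username)
    salt = user["salt"] if user else b"\0" * 16
    expected = user["pw"] if user else b"\0" * 32
    ok = hmac.compare_digest(_pw_hash(password, salt), expected)
    if user is None or not ok:
        return None
    session_id = secrets.token_urlsafe(32)
    SESSIONS[_key(session_id)] = (username, time.time() + SESSION_TTL)
    return session_id

def authorize(headers, required_perm=None, now=None):
    """Step 3: map the Authorization header to a user; return (status, user)."""
    if required_perm is None:
        return 200, None  # public endpoint, no session needed
    key = _key(headers.get("Authorization", ""))
    entry = SESSIONS.get(key)
    if entry is None or entry[1] <= (time.time() if now is None else now):
        SESSIONS.pop(key, None)  # drop expired sessions
        return 401, None
    if required_perm not in USERS[entry[0]]["perms"]:
        return 403, entry[0]  # authenticated, but lacks this right
    return 200, entry[0]

def logout(headers):
    SESSIONS.pop(_key(headers.get("Authorization", "")), None)
```

The site, the admin panel and the mobile application all call the same `login` and send the same header, so the check is identical for every client; only the permission required by each endpoint differs.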

Nikita Gusakov, 2016-01-19
@hell0w0rd

jwt.io

Marcuzy, 2016-01-21
@Marcuzy

You can try OAuth and not reinvent the wheel. I liked how it is written here: https://www.digitalocean.com/community/tutorials/a...
