PHP
Kolya Vantukh, 2021-10-22 16:38:30

How to properly set up authentication for a REST API?

I have experience writing REST APIs for SPA applications. Everything is simple there: the client accesses the /login route with a login and password, and if the data is valid, the server issues a token to the client, which the client then sends to the server in headers. But what about the situation when there is no /login route? I.e., the client does not have the possibility of self-registration to obtain a login and password. It turns out that the server needs to somehow generate a login and password for the client in advance and then send them to him to receive a token? Or should the server itself generate a token for the client and then the client must send this token with each request? Help me to understand.


2 answer(s)
nokimaro, 2021-10-22
@vkolya

As a rule, if there is a certain personal account, then the user can log in to it and generate a token / API key that you bind in the database to the user and use to authorize the client when accessing the API. The client can use this API key to work with the API:
1. log in to your account
2. get an API key
3. use this key to work with the API

P.S. If you choose this path, do not forget to give the user the opportunity to reissue the API key in case it leaks or is compromised.
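
The flow described in the answer above (an API key generated from the account, bound to the user, and reissuable), as an added example that is not part of the original answers. The `keyId.secret` key format, the in-memory `$apiKeys` array standing in for a database table, and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// In-memory stand-in for an `api_keys` table (hypothetical schema):
// key_id => ['user_id' => int, 'secret_hash' => string]
$apiKeys = [];

/** Issue (or reissue) a key for a logged-in user; any previous key is revoked. */
function issueApiKey(array &$apiKeys, int $userId): string
{
    // Reissue: drop the user's old key so a leaked one stops working.
    $apiKeys = array_filter($apiKeys, fn(array $row): bool => $row['user_id'] !== $userId);

    $keyId  = bin2hex(random_bytes(8));   // public lookup id, not secret
    $secret = bin2hex(random_bytes(32));  // 256 bits from the CSPRNG
    // Store only a hash so a database leak does not reveal usable keys.
    // A plain SHA-256 is enough here because the secret is high-entropy.
    $apiKeys[$keyId] = ['user_id' => $userId, 'secret_hash' => hash('sha256', $secret)];

    return $keyId . '.' . $secret;        // shown to the user once, never stored
}

/** Return the user id for a valid "Authorization: Bearer <key>" header, else null. */
function authenticate(array $apiKeys, ?string $authHeader): ?int
{
    if ($authHeader === null
        || !preg_match('/^Bearer ([0-9a-f]{16})\.([0-9a-f]{64})$/', $authHeader, $m)) {
        return null;                      // missing or malformed header
    }
    $row = $apiKeys[$m[1]] ?? null;
    if ($row === null) {
        return null;                      // unknown or revoked key id
    }
    // Constant-time comparison of the stored hash with the presented secret's hash.
    return hash_equals($row['secret_hash'], hash('sha256', $m[2])) ? $row['user_id'] : null;
}

// Constructed walk-through: user 42 gets a key, then reissues it after a suspected leak.
$old = issueApiKey($apiKeys, 42);
$new = issueApiKey($apiKeys, 42);
foreach (['old' => $old, 'new' => $new] as $label => $key) {
    $user = authenticate($apiKeys, "Bearer $key");
    echo $label, ' key: ', $user === null ? 'rejected' : "user $user", PHP_EOL;
}
```

In a real service the header value would come from `$_SERVER['HTTP_AUTHORIZATION']` and the array would be a table with a unique index on the key id.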

Rsa97, 2021-10-22
@Rsa97

Is this your service? Then what's stopping you from adding the /login route?
If not yours, then you should read the documentation and see how the client is authenticated.
