API
SONce, 2020-09-29 23:09:09

What is stateless in an HTTP API?

I am developing an API service (for personal needs), and a question has come up to which I cannot find an answer.

What REALLY is a stateless API? By definition it is clear that, in order to form a response, the request must carry all the data. But HTTP is stateless in itself...

A concrete example:
The client sends a login/password/cat_photo to /api/auth and receives in response some token with which it can make requests. So far everything is fine and beautiful.

But now the client sends a request, and it carries a token.
How do I check this token? Store token = user_id somewhere in a cache? Isn't that state? And if not, how is it different from an ordinary session? Or from cookies?


3 answers
Dmitry Roo, 2020-09-29
@xez

HTTP is a data transfer protocol. API, stateless, etc. are not its level.
You probably mean REST.
Wikipedia has a description that addresses your question exactly: https://ru.wikipedia.org/wiki/REST#2._%D0%9E%D1%82...

Rsa97, 2020-09-29
@Rsa97

How do I check this token? Store token = user_id somewhere in a cache?
The token can be made self-contained. For example, a JWT contains a header (token type, signature algorithm), a payload (user id, rights, service information) and a signature.
When issuing a token, the server calculates the signature over the first two parts, encrypts it with its own key, and attaches it to the token.
On receiving the token, the server calculates the signature over the first two parts again and compares it with the decrypted signature from the token. If the signatures match, the data in the payload can be trusted.
With asymmetric encryption, the token can be issued on one server, encrypted with a private key, and verified on another server using the paired public key.

Sergey delphinpro, 2020-09-30
@delphinpro

Stateless should be understood exactly as it sounds: without state.
I.e., the server does not remember you; with each new request you must tell it who is requesting the data. In the usual case this is a JWT token. It contains information about the current user. As Rsa97 already said, the token is self-contained. At minimum on Wikipedia, and at most in a pile of articles on the Internet, there is information on how this token is created and how it is validated. If you are using a framework, it already has ready-made abstractions for handling tokens, or for token-based authentication as a whole.
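The issue-and-verify cycle that Rsa97's and Sergey's answers describe, as an added example that is not code from the original thread or from any of the posters: a minimal HS256 JWT (HMAC-SHA256 over base64url(header).base64url(payload), RFC 7515 encoding) issued with a server secret and later checked with nothing but that same secret, so no token = user_id lookup is needed. The secret key, user id, rights list and timestamps are constructed values; `issue_token`, `verify_token` and `forge_payload` are names chosen here. Standard library only.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example secret; a real service loads this from a secret store,
# never from source code. Only the server ever holds it.
SECRET_KEY = b"example-server-secret-do-not-reuse"


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _compact_json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def issue_token(user_id: int, rights: list, ttl_seconds: int = 3600,
                now: Optional[int] = None) -> str:
    """Build a self-contained token: header.payload.signature.

    Everything the server needs later (who, what rights, until when) is
    inside the payload; the HMAC binds it to the server's key."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": str(user_id), "rights": rights,
               "iat": now, "exp": now + ttl_seconds}
    signing_input = b64url_encode(_compact_json(header)) + "." + \
        b64url_encode(_compact_json(payload))
    signature = hmac.new(SECRET_KEY, signing_input.encode("ascii"),
                         hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if the token is authentic and unexpired, else None.

    No server-side state is consulted: the check is recompute-and-compare.
    The algorithm is pinned rather than read from the token, so a header
    claiming 'none' or another algorithm is rejected outright."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET_KEY,
                            f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        # Constant-time comparison so timing does not leak signature bytes.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        payload = json.loads(b64url_decode(payload_b64))
        if int(payload.get("exp", 0)) <= now:
            return None
        return payload
    except ValueError:
        # Covers malformed structure, bad base64 and bad JSON.
        return None


def forge_payload(token: str, new_payload: dict) -> str:
    """What a client without the key can do: swap the payload and keep the
    old signature. verify_token must reject the result."""
    header_b64, _, sig_b64 = token.split(".")
    return header_b64 + "." + b64url_encode(_compact_json(new_payload)) + "." + sig_b64


if __name__ == "__main__":
    t0 = 1_600_000_000  # constructed issue time
    token = issue_token(42, ["read"], now=t0)
    print("valid:", verify_token(token, now=t0 + 100))
    print("expired:", verify_token(token, now=t0 + 3600))
    forged = forge_payload(token, {"sub": "1", "rights": ["admin"],
                                   "iat": t0, "exp": t0 + 3600})
    print("forged:", verify_token(forged, now=t0 + 100))
```

The contrast with the session-in-cache design from the question is the `verify_token` body: it reads nothing but the token and the key. The price is that a token cannot be revoked before `exp` without reintroducing some state (a denylist or a short TTL plus refresh), which is the usual trade-off when going fully stateless.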
