
The Auth Schemes of REST

The different ways to protect data at rest and in transit

Published in Future Vision, May 31, 2019


The user’s data is the underlying currency that is driving the API economy. Like any currency, it needs to be handled with care and transported with extreme caution to prevent theft.

Different devices and platforms have different vulnerabilities.

The desktop at home is not as vulnerable as the mobile phone. A phone is easier to lose, and whoever picks it up may be able to read the local files that mobile apps store on it. This changes the authentication and authorization flow for mobile apps.

Similarly, in a single page web app (SPA) the entire JavaScript is delivered to the browser and can be read as source. Storing credentials in the SPA's local data storage is therefore not a good idea.

There are multiple ways to authenticate depending on the device and the usage. The ways of authenticating are called schemes.

There is no one way to secure an API that fits all situations. But you can learn the schemes, study how the biggest social networks deal with the problem, and find out the industry standard; then apply it to your project in the way you see fit.

The 4 main schemes of REST API authentication are:

  1. Basic Authentication
  2. Token Based Authentication


Bibhash Biswas

Director of Engineering @ Zoic. Former Computer Scientist and Engineering Fellow for Defense Projects.