Implementing an authentication system in REST APIs?

Submitted by Carb0n, Thread ID: 74983

12-02-2018, 08:03 PM
This post was last modified: 12-02-2018, 08:27 PM by Carb0n
#1
Hello guys, I'm currently writing some REST APIs, but I can't manage to create an authentication system (I want to avoid OAuth as it's too much for what I'm doing).

What I'm trying to do is basically:
1. Create a Login/logout API like: /api/v1/login and /api/v1/logout
2. In these Login and Logout APIs, perform the authentication with your user store
3. The outcome is a token that is sent back to the client (web, mobile, whatever)
4. From this point onwards, all subsequent calls made by your client will include this token
5. Let's say your next call is made to an API called /api/v1/findUser
6. The first thing this API code will do is to check for the token ("is this user authenticated?")
7. If the answer comes back as NO, then you throw an HTTP 401 Status back at the client. Let them handle it.
8. If the answer is YES, then proceed to return the requested User

But I don't know how to handle the token and how to generate it.

Does the user need to know about it?

If I'm going to use these APIs on a website, will the token be a problem? I mean, will I have to care about it?
we are all supposed to think of reasons to live
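One way to implement the login, token check and logout flow listed in the post above, as an added example that is not code from any poster in this thread. It is framework-free Python; the in-memory `USERS` and `SESSIONS` stores, the sample account and the one-hour lifetime are assumptions standing in for a real database and policy.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 3600        # token lifetime in seconds (assumed value)
PBKDF2_ROUNDS = 600_000

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def _new_user(password):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw": _pw_hash(password, salt)}

# Constructed sample user store; a real API would query its database here.
USERS = {"alice": _new_user("correct horse")}
SESSIONS = {}  # sha256(token) -> (username, expiry); the raw token is never stored

def _key(token):
    return hashlib.sha256((token or "").encode()).hexdigest()

def login(username, password, now=None):
    """/api/v1/login: return a fresh token, or None on bad credentials."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(
            _pw_hash(password, user["salt"]), user["pw"]):
        return None
    token = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
    expiry = (time.time() if now is None else now) + TOKEN_TTL
    SESSIONS[_key(token)] = (username, expiry)
    return token

def authenticate(token, now=None):
    """Return the username the token belongs to, or None if unknown/expired."""
    entry = SESSIONS.get(_key(token))
    if entry is None:
        return None
    if (time.time() if now is None else now) >= entry[1]:
        SESSIONS.pop(_key(token), None)  # drop expired sessions eagerly
        return None
    return entry[0]

def find_user(token, wanted, now=None):
    """/api/v1/findUser: first check the token, then do the lookup."""
    if authenticate(token, now) is None:
        return 401, {"error": "not authenticated"}
    return ((200, {"username": wanted}) if wanted in USERS
            else (404, {"error": "no such user"}))

def logout(token):  # /api/v1/logout: revoke the token server-side
    SESSIONS.pop(_key(token), None)
```

The client keeps the token and sends it on every call over HTTPS, typically in an `Authorization: Bearer <token>` header; the person using the site never has to see or type it.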

RE: Implementing an authentication system in REST APIs?

#2
You have to make it connect up to your database and verify user credentials just like you would for a normal PHP authentication script.

RE: Implementing an authentication system in REST APIs?

#3
You can add in an APIKEY function that the user can then set within their user profile - this can then be run as "if API_KEY is blank then exit - else login and continue session"