web services - How should I handle authentication in my REST API? -
I am new to this, but I am trying to do what I am trying to do .
I have a list of products and there are various personal information that my users want to be able to access through their website. For example:
User-A has an e-commerce site and they want to sell my business. They will be able to access details of certain products through a web service. They will also be able to see the rate of conversation which I have given them with some other personal details.
How will the API handle how to authenticate the request coming from a user's website?
I am studying different certification methods all day, but they all roam to reach specific user information around the idea of third parties. One example is if you want to use your Twitter profile. In that case, third-party sites have to manage several different users and authentication tokens. In our case, my user's website is talking to the user. I hope this makes sense. Users call A "Alice" because they are cumbersome to make User-A calls.
P> Explain Alice's website in the same way as if she was herself a special pricing and for such a web site in question Specific, therefore this log in to your site will use the problem credentials to authenticate with the person who develops that site, and then use those credentials for pricing and your Of products shown by Will Dharn.
For the actual authentication mechanism, it depends on your needs, if you need to provide different data to different people, then you have a simpler form of API Token in the query string. You can do something like: http://api.example.com/products?key=9af4d8381781baccb0f915e554f8798d
Or if Alice already has a username and password for your site , You can use it with your original at your API requests.
If Alice has to enter its account information on different sites that it does not control, then the Auto comes in very handy. With that, you can essentially give it an API key for every site to reach its API. And you allow them to delete those API keys and deny those sites access.
Comments
Post a Comment