I have been looking at a lot of questions about REST APIs and security and found some interesting information, but there is still one thing I don't understand.
So, I have a REST API developed with Zend Framework with basic authentication over an HTTPS channel (so if I understood what I have read, the login/password are encrypted when they are sent). The purpose of this API is to be called by Android/iPhone apps, and it will only be available to people who have a login and a password.
So, currently, to call the API, the login and password are always sent with the call, and so I check them at every call (the result is that it makes a call to the database just for authentication at each call to the API).
Is there some kind of session management (as in web development) to avoid that?
Thanks,