We are building an iOS application that will use our API to interact with our existing website. The website uses standard PHP sessions to keep track of logged-in users.

How do we handle user log-in in the application? Do we use sessions + session IDs as we are doing on the website or another method?

I've seen API tokens mentioned a lot but I've yet to find a solid description that explains the difference between session IDs and API tokens, or is an API token just another name for a session ID?

Mattiavelli
paul
  • API Tokens typically authorize a particular application to interact with another application. I would imagine that you will use a single API token for the native iOS application and continue to use PHP session ids to validate if a user is logged in or out. Accomplishing this will differ depending on the application structure (for example, with a webview there would be minimal work, but you may want to link it with a text field/button, etc). I'd check out http://stackoverflow.com/questions/9148594/application-with-session-management-in-the-server-side – Mattiavelli Jul 19 '13 at 14:43
  • Why do a lot of people recommend basic auth for user authentication? – paul Jul 19 '13 at 16:13
  • If you're talking about Basic Auth through .htaccess, I couldn't really comment on why people are recommending it. I can say that Basic Auth was created by people that know what they are doing and that it probably offers a more secure login than creating one from scratch, unless you know what you're doing or need database interaction with user accounts - which may be harder to do with .htaccess. – Mattiavelli Jul 19 '13 at 16:34

1 Answer

Sessions are basically for authorization when using an application after access tokens have been confirmed. This has been well covered in this post: What is an API token
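
The split described in the comments above (an API token that identifies the calling application, a session ID that identifies the logged-in user), as an added example that is not part of the original question or answer. It is a minimal in-memory model in Python rather than PHP; the store names, token value, user record and 30-minute lifetime are all assumptions constructed for the demonstration.

```python
import hashlib, hmac, secrets, time

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data; every name and value here is an assumption for the demo.
APP_TOKENS = {"ios-app": "constructed-app-token-123"}  # one token per client application
_SALT = b"constructed-salt"
USERS = {"paul": _hash("correct horse", _SALT)}         # username -> password hash
SESSION_TTL = 1800                                      # session lifetime in seconds
_sessions = {}                                          # session ID -> (username, expiry)

def app_for_token(token):
    """API token check: which application is calling? None if unknown."""
    for app, known in APP_TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return app
    return None

def login(api_token, username, password, now=None):
    """Known application + valid user credentials -> fresh random session ID."""
    now = time.time() if now is None else now
    stored = USERS.get(username)
    if app_for_token(api_token) is None or stored is None:
        return None
    if not hmac.compare_digest(stored, _hash(password, _SALT)):
        return None
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = (username, now + SESSION_TTL)
    return sid

def current_user(api_token, session_id, now=None):
    """Per-request check: the token names the app, the session ID names the user."""
    now = time.time() if now is None else now
    if app_for_token(api_token) is None:
        return None
    username, expires = _sessions.get(session_id, (None, 0))
    if username is None or now >= expires:
        _sessions.pop(session_id, None)  # drop expired or unknown IDs
        return None
    return username

def logout(session_id):
    """Ending the session invalidates the ID; the app's API token is unaffected."""
    _sessions.pop(session_id, None)
```

A token shipped inside a mobile app binary can be extracted from it, so in this model it only tells the server which client is calling; the per-user decision rests on the short-lived, server-issued session ID.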