What is the use of challenges in basic authentication checking when the api can just check the authenticatio headern with the database whenever the request is made. Please enlighten me.
Asked
Active
Viewed 285 times
1 Answers
0
You own need the authorization header when the header I missing or if the sent username and password are not correct.
In that case you want to let the caller know how to authenticate (what scheme to use) and for which realm.
You can find more information here: https://www.rfc-editor.org/rfc/rfc2617#section-3.2.1
