Questions tagged [restful-authentication]

Questions about authentication for RESTful services.

Services designed using REpresentational State Transfer architecture must often authenticate clients. How best to do this can be a complex topic, as in true REST each client request to the server will contain all the information necessary to complete it (including authentication).

1447 questions
29
votes
4 answers

HTTP Client based on NodeJS: How to authenticate a request?

This is the code I have to make a simple GET request: var options = { host: 'localhost', port: 8000, path: '/restricted' }; request = http.get(options, function(res){ var body = ""; res.on('data', function(data) { body…
29
votes
1 answer

Custom Authorization Header

I know there is enough content for this question on Stack Overflow, but my subject is not the same as the others. (Kinda the same but not equal.) I want to hear the community's thoughts on what I am doing and to see if I can improve somewhere or…
29
votes
6 answers

Rest - how get IP address of caller

I am writing a Java Rest Web Service and need the caller's IP Address. I thought I saw this in the cookie once but now I don't see it. Is there a consistent place to get this information? I saw one example of using an "OperationalContext" to get it…
Wanderer
28
votes
3 answers

HTTP 401 Unauthorized or 403 Forbidden for a "disabled" user?

An authentication service allows user accounts to be disabled (a sort of soft-delete). If the server then receives an authentication request for a disabled user that would otherwise be valid, should the server return 401 or 403? With either status…
Dolph
27
votes
3 answers

How to design authentication and authorization system for REST backend / Ajax front End Application

I am starting a new project where we are planning to build a RESTful back end and an AJAX front end. I am approaching the problem by focusing on identifying all the resources that I have and what the various HTTP verbs will do to them, their URI and the…
ams
27
votes
2 answers

Adding headers to postForObject() method of RestTemplate in spring

I am calling a web service using the method below. ResponseBean responseBean = getRestTemplate() .postForObject(url, customerBean, ResponseBean.class); Now my requirement has changed. I want to send 2 headers with the request. How should I do…
Sadashiv
27
votes
1 answer

How to implement 'Token Based Authentication' securely for accessing the website's resources(i.e. functions and data) that is developed in PHPFox?

I want to use methods and resources from the code of a website which is developed in PHPFox. Basically, I'll receive a request from iPhone/Android, I'll get the request and pass it to the respective function from the PHPFox code, take the response from…
PHPLover
26
votes
4 answers

Best way to secure Private REST API without user authentication for mobile app

I am making some RESTful APIs for my mobile application. The communication between the app and the web server has to be made in REST. These APIs should be private, and only my app should be able to call them for successful results. The tough part is, there is…
wolvorinePk
26
votes
1 answer

Authenticating mobile users against SAML IDP

I am looking for a solution for - authenticating mobile-app users against SAML IDP, and have got some basic queries (I am new to SAML, OAuth :) ) In this scenario, the flow could be like the mobile user will be authenticated by IDP, the SAML…
nshweta
26
votes
4 answers

RestSharp - Authorization Header not coming across to WCF REST service

I am trying to call a locally hosted WCF REST service over HTTPS with basic auth. This works and the Authorization header comes thru just fine and all is happy: ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertficate; var…
Chris Hawkins
26
votes
2 answers

How to use OpenID or OAuth for internal first-party authentication?

I am working on an internal authentication system for users of a set of RESTful web applications. Our intention is that a user should be able to sign on once via a web form and have appropriate access to all these RESTful applications in our…
24
votes
5 answers

Why is form based authentication NOT considered RESTful?

Although I "think" I understand it I need some clarity. With PURE Restful authentication, things do get a bit unwieldy and using forms helps a lot with the UI of the application (i.e., get to have separate login page, forgot password links, easier…
PhD
24
votes
2 answers

How to build a secure and RESTful service in PHP?

I'm building an application system which consists of a server part "in the cloud" and a client part, e.g. an iPhone or Android app or a web browser. Server side is implemented in PHP (LAMP) and is today a very simple server with a number of…
Steve
24
votes
6 answers

Is the Twitter API *really* RESTful?

Along with half of the web developer community, I've been struggling to really and truly grok the REST style. More specifically, I've been trying to form some opinions on how practical a pure RESTful architecture really is between a web browser and…
jmar777
24
votes
4 answers

RESTful API without ID in the URL

I have been discussing the best way of doing this with one of my colleagues. Here's an example scenario: I'm trying to GET all orders for a Customer with ID of 1234. Consider the following endpoint: /customer/orders With a GET request, with the…