Questions tagged [restful-authentication]

Questions about authentication for RESTful services.

Services designed using the REpresentational State Transfer (REST) architecture must often authenticate clients. How best to do this can be a complex topic, because in true REST each client request to the server contains all the information necessary to complete it (including authentication).

1447 questions
12 votes, 2 answers

Resource level authorization in RESTful service

Let /users/{id} be a resource URL in a RESTful service. Basic authentication is enabled and only authenticated users are allowed to access the URL. Example Scenario: User_1 & User_2 are authenticated users with userId 1 & 2. Since both are…
Barath
12 votes, 3 answers

RESTful frameworks for Android, iOS...?

My company is reworking its API and wants to make everything RIGHT for this time ;) That's the setup... We are delivering data to clients over the internet. Clients are mobile handsets like iPhone, Androids, J2ME, Blackberry... The server is coded…
OneWorld
12 votes, 3 answers

How to design URL to return data from the current user in a REST API?

I have a REST based service where a user can return a list of their own books (this is a private list). The URL is currently ../api/users/{userId}/books With each call they will also be supplying an authentication token supplied earlier. My…
ADringer
12 votes, 1 answer

Symfony2 authentication via 3rd Party REST API

I'm writing an application using Symfony2 which will interface with the Wordnik REST API. Currently, the Wordnik API does not offer OAuth capabilities, so I have to accept a username and password which I'll then transparently pass to the API…
Daniel B.
12 votes, 3 answers

How to get Remote / Client IP address using RESTful web service in Java?

I have written a REST web service in my project. The web service call may come from a different machine, so I need to find out the IP address through the REST web service. From this link request.getRemoteAddr() to use this. But I can't use getRemoteAddr().…
Ami
11 votes, 2 answers

RestTemplate with Basic Auth in Spring 3.1

We were using RestTemplate with XML configuration in Spring 3.0 and it was working perfectly fine.
11 votes, 3 answers

How do I secure REST calls I am making in-app?

I have an application that has a "private" REST API; I use RESTful URLs when making Ajax calls from my own webpages. However, this is unsecure, and anyone could make those same calls if they knew the URL patterns. What's the best (or standard) way…
Matt Norris
11 votes, 4 answers

Setting Up Postman for API Testing When Using Passport Authorization

I am a bit confused while trying to get Postman to work when testing the API of my application. Namely, I am using Passport authentication; however, I do not know which type it defaults to or uses in my code. How can I figure this out and which type…
MadPhysicist
11 votes, 1 answer

How exactly does JSON Web Token (JWT) reduce the man-in-the loop attack?

I am trying to understand JWT, and surfing various resources on the web. I found the code showing how to check whether JWT is tampered -- this is a great one and I understand it. However, I don't understand how JWT won't be used by a middle-man who can…
chen
11 votes, 4 answers

How to uniquely identify your Android app for rest API

Is there a way to uniquely identify my Android App in Java code? Maybe some combination of the package name and something else? I know there is a way to identify a unique Android device, but that is not what I am looking for. I want to be able to…
Micro
11 votes, 1 answer

What is the best way to implement a token-based authentication for restify.js?

I'm trying to build a RESTful API with restify.js, but I don't want to expose the API to everyone. And I'm going to use token-based authentication. The process in my mind is like this, I'm not sure whether it is reasonable. The user send…
user2440712
11 votes, 1 answer

REST authentication and HMAC/private key (when do I set it?)

I've been toying around with a simple application idea the last couple of days as I'm trying to teach myself the basics of REST authentication. So far I've gathered that the best way to do this is with an implementation of HMAC like the one used by…
jfrobishow
11 votes, 1 answer

CodeIgniter auth key for REST service

I'm writing a simple RESTful service, using Phil Sturgeon Rest Server. I want to protect my methods by using the API key provided with this library. Unfortunately, this is not very well documented and I'm a bit lost. I want to authenticate users…
jose
11 votes, 1 answer

Possible to have a NodeJS app under iisnode authenticate with ASP.NET FormsAuthentication?

1) We have a NodeJS app that we need to host under IIS 7.5/Win2k8 R2. 2) We have other apps that already use ASP.NET FormsAuthentication. 3) The users that will use the NodeJS app are the same users as existing apps' users. So we put…
10 votes, 3 answers

RestTemplate basic or digest Authentication with the current httpclient (4.x)

I'm trying to do Digest mostly (or Basic) Authentication using RestTemplate and httpclient (4.x). Since I couldn't find any relevant examples of how to actually do this, I have attempted various ways to hook the various httpclient artifacts, with…