passing http basic auth credentials with backbone.js securely

Question

I have a test REST api and backbone application up and running. The problem is that I need to send api login credentials with every api call from backbone. This in itself is not the problem, but it means that I have to store the api login credentials in the javascript code in my backbone.js. So if someone was curious they could just look at the backbone/javascript code and see the api credentials.

But at the same time, I understand to follow REST principles, all api calls should include login information so as to not carry over any state from previous calls. How is this addressed with backbone? I hope that it is not with sessions on the server, because that would be against REST.

I haven't been able to find much info on this topic so I may be way off.

score 0 · Answer 1 · answered Feb 18 '14 at 09:42

0

Why sessions on the server would be against REST ?

The first time you connect to the server you create a session on the server and associate it with an unique token that you send to the client as a cookie.

So in every call to the server the client send the token he get when he authenticate, thus his credentials wouldn't be exposed.

answered Feb 18 '14 at 09:42

Rida BENHAMMANE

4,111
1
14
25

http://stackoverflow.com/questions/6068113/do-sessions-really-violate-restfulness – Gilberg Feb 18 '14 at 15:26
Look at the second answer ;) – Rida BENHAMMANE Feb 18 '14 at 15:55

passing http basic auth credentials with backbone.js securely

1 Answers1