0

I have created a restful service using jersey in java.The API tested with HTTP client as well. its working fine.I need to secure my API with username and password. anyone can help me out to do this.. Thanks in advance.

akash
  • 22,664
  • 11
  • 59
  • 87
user3698939
  • 9
  • 2
  • 3
  • i dont understand .. i am new to this web service . I need to set credentials without ssl . I mean only HTTP. – user3698939 Jun 05 '14 at 05:47
  • You can send Basic Auth over HTTP w/o SSL, but as it is Base64, valid credentials could be symmetrically recalculated if tapped. – Smutje Jun 05 '14 at 05:56
  • yes . I can send auth over HTTP. that i have done . how to handle it in API. I need to configure or code for set authentication in API. That i want learn and do. Thanks for response. – user3698939 Jun 05 '14 at 06:08
  • You basically have to process the Basic Auth header (as mentioned in numerous places) and check against your database/user credential store. – Smutje Jun 05 '14 at 06:25
  • thats what am asking .. am asking the sample code if possible to do such things – user3698939 Jun 05 '14 at 06:44
  • 1
    Please check SO for yourself and come back asking concrete code questions, this is no place for tutorials. – Smutje Jun 05 '14 at 06:49

1 Answers1

0

No need to send username and password every time. On just first login api send username and password to server and then server returns on key which is stored as your session key in database at server side.

You need to send this key on every api call in header, so server side they authenticate user first on each api call and then go ahead only.

That means you need to send one key (may be auto generated alphanumeric string ) which is given by server in response of login api.

Sameer Kazi
  • 17,129
  • 2
  • 34
  • 46
  • thanks for your answer. First of all i dont know how to create authendicated API. so i want to how to create API with authendication. – user3698939 Jun 05 '14 at 06:09