I am in the process of making a RESTful API for a product that I work on. But before I dive in head first, I would like to double check a few details.

Authentication

Authentication is done on the API side of the system: the client sends a username and password to the server (API), and the API responds with either a token or an exception. Does that sound correct?

Cycs

1 Answer

I think it's OK, but I suggest you check this out:

https://stormpath.com/blog/secure-your-rest-api-right-way/

Hope it helps!

  • Thanks for the link. I like the look of OAuth2, but my understanding is that it is used for integration of 3rd party logins (like logging into Stack Exchange from a Google account). Can I use OAuth2 to use my own authentication methods? – Cycs Jul 22 '14 at 14:16
  • The fastest way is just to modify the simple-authentication class so that, instead of a JSON, it fetches the users from the database. Search for **public function verify()** in the SimpleAuth.php file – Martin Andreev Jul 22 '14 at 14:26
  • Also, here is a useful tutorial, again with OAuth: http://www.glenscott.co.uk/blog/securing-php-rest-api-oauth/ – Martin Andreev Jul 22 '14 at 14:30
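
The exchange described in the question (credentials in, token or error out, token presented on later requests), written with the Python standard library as an added example that is not part of the original posts. `AuthService`, `AuthError`, the in-memory stores and the one-hour token lifetime are assumptions made for illustration; a real API would back them with its database and serve the exchange over TLS.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed token lifetime in seconds


class AuthError(Exception):
    """Hypothetical error type: one generic failure for login and token checks."""


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked user table is expensive to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AuthService:
    def __init__(self):
        self._users = {}   # username -> (salt, password_hash)
        self._tokens = {}  # sha256(token) -> (username, expires_at)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _hash_password(password, salt))

    def login(self, username: str, password: str, now: float = None) -> str:
        now = time.time() if now is None else now
        # Unknown users get a dummy record so both failure paths do the same work
        # and return the same message (no username enumeration).
        salt, stored = self._users.get(username, (b"\0" * 16, b"\0" * 32))
        candidate = _hash_password(password, salt)
        if not hmac.compare_digest(candidate, stored) or username not in self._users:
            raise AuthError("invalid credentials")
        token = secrets.token_urlsafe(32)  # opaque, unguessable bearer token
        # Store only a hash of the token: a leaked token table cannot be replayed.
        key = hashlib.sha256(token.encode()).digest()
        self._tokens[key] = (username, now + TOKEN_TTL)
        return token

    def authenticate(self, token: str, now: float = None) -> str:
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).digest()
        entry = self._tokens.get(key)
        if entry is None or entry[1] <= now:
            self._tokens.pop(key, None)  # drop expired tokens on sight
            raise AuthError("invalid or expired token")
        return entry[0]
```

The client sends the password once to `login` and afterwards sends only the returned token (typically in an `Authorization: Bearer` header), which each request handler passes to `authenticate`.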