0

I am planing to write an API for a mobile app. To lower the barrier for first time users i do not want a login screen on the first start. So what I want is, if the app notices it is it's first start it should register itself:

/register A standard User should be generated like Name: GuestXX43, Authtoken XX43-58asda5-54asd, some additional Data

The user is now able to make other endpoint request due to its auth token. But how do I check for the correct auth token on every Request?

/user [Update] the user is also able to update his username and password to reloggin on another Device.

Which auth method will suite these thoughts, is there any doubt using this kind of auth flow?

Thanks guys

A.S.
  • 4,574
  • 3
  • 26
  • 43

1 Answers1

1

Are you using Google Cloud Endpoints? If the user credentials is set in some header, you can retrieve it in the backend via injecting HttpServletRequest in Java or check HTTP_YOUR_HEADER_NAME environment variables in Python.

Also you can try custom authenticator if you uses Java; this post can be relevant: Google Cloud Endpoints and user's authentication.

Community
  • 1
  • 1
Min Wan
  • 556
  • 5
  • 3