How to save user credentials in Rest API?

Question

I'm going to make a Rest API, this working in the following way:

user send an header with a token string
api check if the token is valid and if are available in a xml file
if yes, in this xml file I return the connection of database (there is also information about the user)
now I want store somewhere the information of the user that's performing the transaction

I thought to the header but how I can store some information on the header? There is also another way?

You may use the session (`$_SESSION`). What have you tried so far? — phaberest, Feb 19 '16 at 08:20

score 0 · Accepted Answer · answered Feb 19 '16 at 08:23

0

If the validity of token is too long. You can use redis to save the user info corresponding to the token. Something like this. Further you can simply query using token to get user object.

{token : {user Object}}

You can write delete token script for deleting expired tokens.

answered Feb 19 '16 at 08:23

NeiL

791
8
35

Actually I already pass the token in the header.. I want store information somewhere of the current user logged in as: `Username - last name etc...` – Sevengames Xoom Feb 19 '16 at 08:25
You want to store user info on client side or server side? – NeiL Feb 19 '16 at 08:33
In my opinion you should not store user state in api. The whole concept of rest api is that it should be stateless. Further request should not know the info about last user. Further read http://stackoverflow.com/questions/6068113/do-sessions-really-violate-restfulness – NeiL Feb 19 '16 at 08:41

How to save user credentials in Rest API?

1 Answers1