Can I use a session identifier in a REST API?

Asked Jan 19 '18 at 08:38

Active Mar 20 '18 at 19:01

Viewed 41 times

I need to develop a client that communicates with a server via a REST API. At the moment, the log in is going on like this:

The client sends a connection request via an URL of this type:

URL:

/api/username/password/

The server returns a session identifier:

JSON:

{
  "request_status": "OK",
  "token": "1234567890"
}

Then, the client have to send this token in every futures requests like this:

URL:

/api/1234567890/...

I can't figure out whether this operation complies with the stateless principle of the REST standard. I thought it didn't respect the stateless principle, but I can't explain it to myself clearly and that answer in another StackOverflow thread (especially at the end where he talks about authentication) put me in doubt.

edited Mar 20 '18 at 19:01

ROMANIA_engineer

54,432
29
203
199

asked Jan 19 '18 at 08:38

Jeankowkow

1

The fact that you have a server-side session makes the server stateful, thereby "RESTless". – deceze Jan 19 '18 at 08:52
Ok, thank you for that clarification. – Jeankowkow Jan 19 '18 at 14:23

Can I use a session identifier in a REST API?

0 Answers0