Sending token via header or param


I’m using the JWTAuth to perform token creation for my API.

I saw that at the time of the request I can send the token in the header or via param.

I understand that by sending via header the token accompanies the request in a "transparent" way, resulting in a more friendly appearance.

However, apart from the appearance of the request, is there some other reason why I should choose one form or the other?

For example, any difference in performance? Or a greater fragility in security?

1 answer


In practice, nothing prevents you from passing the token through the header, request body or query string.

According to RFC 7519, the standard way to send the token is through the Authorization header or the query string (e.g. accessToken=my token).

So:

> However, apart from the appearance of the request, is there some other reason why I should choose one form or the other?

Choose the standard that is already set, so that other developers who maintain your system or integrate with it do not need to guess where the token is sent.

> Any difference in performance? Or greater fragility in security?

No difference in performance. For security, ensure a strong secret key for token signing, don’t put sensitive data in the payload, and also use SSL in your API.
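An added example (not part of the original answer and not JWTAuth's own code) of the points in the answer above: it reads the token from the Authorization header or the `accessToken` query parameter, verifies an HS256 signature, and shows that the payload can be read without the secret. The function names, the header-first precedence and the sample secret are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
from urllib.parse import parse_qs

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT (illustration only, no exp/nbf handling)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(mac)}"

def extract_token(headers: dict, query_string: str):
    """Return (token, source); the Authorization header wins over the query string."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        return value.strip(), "header"
    values = parse_qs(query_string).get("accessToken")  # parameter name from the answer
    return (values[0], "query") if values else (None, None)

def verify_hs256(token: str, secret: bytes):
    """Return the claims if the signature matches, otherwise None."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the token's header
        expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None  # constant-time comparison failed: forged or wrong key
        return json.loads(b64url_decode(body_b64))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON

def peek_payload(token: str) -> dict:
    """Decode the payload WITHOUT the secret: it is encoded, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))

# Constructed sample values, not taken from the page.
SECRET = b"constructed-demo-secret-at-least-32-bytes"
TOKEN = sign_hs256({"sub": "42"}, SECRET)
```

`peek_payload` needs no key, which is why the payload is no place for sensitive data, and why the token itself must only travel over TLS whichever location carries it.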
