Questions about API


1

To make some requests to the API, you need to be logged in to the site. However, I had no idea how to do this, as I knew that an API has no sessions. So I did a search, found access tokens (API tokens), and implemented them in my application. Basically, at the end of the login a token was generated and saved in the database; later, when a request was made to the API, the token sent in the parameters was compared with the one in the database for verification. A friend warned me that this was a kludge (gambiarra), and I also realized that some companies do not use this method.

What would be the most correct method to solve this problem? Would using JWT be a good option?

1 answer

0

Yes, JWT is an approach that is on the rise. The point is that JWT is an open specification for encoding/decoding JSON tokens. By itself, it does not define how you will use it.

The cool thing about JWT is that you don't need a database: with an authentication model that uses only encryption, you can validate access, thus leaving your API truly stateless.

Another widely used approach is the OAuth protocol, as there are many providers and many applications that authenticate through third-party resource providers such as Facebook, LinkedIn and Google.

For more information:

OAuth, Facebook, JWT
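
The stateless validation discussed in the answer above, as an added example that is not part of the original question or answer: a token is issued at login and later verified from its HMAC signature (HS256) and expiry alone, with no database lookup. The secret, the function names and the `user-42` identifier are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumption: a server-side key that is never sent to clients (constructed value).
SECRET = b"constructed-demo-secret"

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> str:
    return b64e(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def issue_token(user_id, ttl=900, key=SECRET, now=None):
    """Run once at the end of login; nothing is stored server-side."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    # The payload is only base64url-encoded: anyone holding the token can
    # read it, so it must not carry secrets.
    claims = {"sub": user_id, "iat": now, "exp": now + ttl}
    body = f"{header}.{b64e(json.dumps(claims).encode())}"
    return f"{body}.{sign(body, key)}"

def verify_token(token, key=SECRET, now=None):
    """Return the claims if the token is authentic and unexpired, else None."""
    try:
        header_b64, payload_b64, sig = token.split(".")
        header = json.loads(b64d(header_b64))
        # Pin the algorithm server-side; a token must not choose its own
        # verification method (this rejects "alg": "none").
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = sign(f"{header_b64}.{payload_b64}", key)
        if not hmac.compare_digest(expected, sig):  # constant-time compare
            return None
        claims = json.loads(b64d(payload_b64))
    except (ValueError, TypeError, AttributeError):
        return None
    now = time.time() if now is None else now
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or now >= exp:
        return None
    return claims

if __name__ == "__main__":
    token = issue_token("user-42")
    print(token)
    print(verify_token(token))
```

Because no server-side record exists, a token stays valid until its `exp` time, so short lifetimes matter when revocation is a concern.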
