Four Most Used REST API Authentication Methods
"upstart" writes:
Submitted via IRC for SoyCow7671
Four Most Used REST API Authentication Methods - DZone Security
While there are as many proprietary authentication methods as there are systems that utilize them, they are largely variations of a few major approaches. In this post, I will go over the four most used in the REST APIs and microservices world.
Authentication vs. Authorization
Before I dive into this, let's define what authentication actually is, and more importantly, what it's not. As much as authentication drives the modern internet, the topic is often conflated with a closely related term: authorization.
The two functions are often tied together in single solutions, but the easiest way to divide authorization and authentication is to ask: what do they actually state or prove about me?
Authentication is when an entity proves an identity. In other words, Authentication proves that you are who you say you are. This is like having a driver's license that is given by a trusted authority that the requester, such as a police officer, can use as evidence that suggests you are in fact who you say you are.
Authorization is an entirely different concept and in simple terms, Authorization is when an entity proves a right to access. In other words, Authorization proves you have the right to make a request. Consider the following - You have a working key card that allows you to open only some doors in the work area, but not all of them.
Four Most Used Authentication Methods:
- HTTP Authentication Schemes (Basic and Bearer)
- API Keys
- OAuth (2.0)
- OpenID Connect
Read more of this story at SoylentNews.