
SoylentNews is people

posted by Fnord666 on Monday August 12 2019, @09:33AM
from the who-are-you-again? dept.

Submitted via IRC for SoyCow7671

Four Most Used REST API Authentication Methods - DZone Security

While there are as many proprietary authentication methods as there are systems that utilize them, they are largely variations of a few major approaches. In this post, I will go over the four most used in the REST APIs and microservices world.

Authentication vs. Authorization

Before I dive into this, let's define what authentication actually is, and more importantly, what it's not. As much as authentication drives the modern internet, the topic is often conflated with a closely related term: authorization.

The two functions are often tied together in single solutions, but the easiest way to divide authorization and authentication is to ask: what do they actually state or prove about me?

Authentication is when an entity proves an identity. In other words, authentication proves that you are who you say you are. This is like having a driver's license that is given by a trusted authority that the requester, such as a police officer, can use as evidence that suggests you are in fact who you say you are.

Authorization is an entirely different concept: in simple terms, authorization is when an entity proves a right to access. In other words, authorization proves you have the right to make a request. Consider the following: you have a working key card that allows you to open only some doors in the work area, but not all of them.

Four Most Used Authentication Methods:

  • HTTP Authentication Schemes (Basic and Bearer)
  • API Keys
  • OAuth (2.0)
  • OpenID Connect

Original Submission
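The split between authentication and authorization described in the summary, as an added example that is not part of the DZone article or the submission: a request check that accepts the HTTP Basic and Bearer schemes, answers 401 when no identity is proven and 403 when the identity is proven but lacks the right. The users, token, salt, routes and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed; a real store uses a random salt per user

def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample data: only derived values are stored, never the raw secrets.
USERS = {"alice": _kdf("correct horse")}                       # Basic credentials
TOKENS = {hashlib.sha256(b"tok-bob-123").hexdigest(): "bob"}   # Bearer tokens
PERMISSIONS = {
    "alice": {("GET", "/reports"), ("POST", "/reports")},
    "bob": {("GET", "/reports")},
}

def authenticate(header):
    """Authentication: return the proven identity, or None."""
    scheme, _, value = (header or "").partition(" ")
    scheme, value = scheme.lower(), value.strip()
    if scheme == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:  # bad base64 or bad UTF-8
            return None
        user, sep, password = decoded.partition(":")
        expected = USERS.get(user)
        # Derive and compare even for unknown users so timing does not
        # reveal which user names exist.
        ok = hmac.compare_digest(_kdf(password), expected or _kdf(""))
        return user if (sep and expected and ok) else None
    if scheme == "bearer":
        return TOKENS.get(hashlib.sha256(value.encode()).hexdigest())
    return None

def authorize(identity, method, path):
    """Authorization: does this identity have the right to make this request?"""
    return (method, path) in PERMISSIONS.get(identity, set())

def handle(method, path, header):
    identity = authenticate(header)
    if identity is None:
        return 401  # identity not proven (sent with a WWW-Authenticate challenge)
    if not authorize(identity, method, path):
        return 403  # identity proven, right to access not granted
    return 200
```

Both schemes carry the credential in the `Authorization` request header, so they are only safe to use over TLS.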

 
  • (Score: 0) by Anonymous Coward on Monday August 12 2019, @10:57PM (#879402)

    Which authentication method do Soylentils prefer when consuming an API?