While creating a REST API, what is the best practice for using an authentication token? Should the API accept the authentication token in the URL itself or in an HTTP header? What is the best place for the authentication token, and why?

1 Answer

Best practice is to check out one of the common authentication protocols and probably use an existing stable implementation of it.
OAuth2 is the obvious choice - http://oauth.net/2/

2 Comments

I do agree with you. But there we must do it this way. So we don't have a choice.
In any case, sending the token as a parameter in the URL is less secure since there's a good chance it will be logged somewhere along the way (on the web server, proxy server etc.).
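
The logging concern raised in the last comment, as an added example that is not part of the original thread: a scanner that finds credentials logged in the request line of access-log entries and redacts them. The parameter-name list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Query parameter names treated as credentials (assumed list; adjust to your API).
SENSITIVE_PARAMS = {"token", "access_token", "auth_token", "api_key"}

# Request line inside a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, leaked_param_names) for one request target."""
    parts = urlsplit(target)
    leaked, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            leaked.append(name)
            value = "REDACTED"
        kept.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), leaked

def scan_log(lines):
    """Redact credentials in each log line; return (clean_lines, findings)."""
    clean, findings = [], []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_LINE.search(line)
        if m:
            target, leaked = redact_target(m.group("target"))
            if leaked:
                findings.append((lineno, leaked))
                # Rewrite only the request target; leave the rest of the entry intact.
                line = line[:m.start("target")] + target + line[m.end("target"):]
        clean.append(line)
    return clean, findings

# Constructed sample entries (not from a real system). Line 1 carries the token
# in the URL, so it lands in the log. Line 2 is the same call with the token in
# an Authorization header, which the default access-log format does not record.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /api/orders?access_token=s3cr3tTokenValue&page=2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /api/orders?page=2 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    clean, findings = scan_log(SAMPLE_LOG)
    print("\n".join(clean))
    print("leaked credentials at (line, params):", findings)
```

Any token found this way should be treated as exposed and rotated, since redacting the log does not remove copies held by proxies or other intermediaries.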
