I am new to the concept of Restful API’s.
I am designing a restful api for an online store.
I have not properly understood the concept of basic http authentication over ssl.
Does that mean, for every request, the user will have to enter his/her username and password again?
Can somebody please explain in detail how it functions and how is it meant to be used?
Thanks in advance.
asked Oct 12 ’13 at 9:47
Kanishk DudejaKanishk Dudeja
1,06522 gold badges1111 silver badges2929 bronze badges
Basic authentification is just a standard HTTP header with the user and pass encoded in base64 :
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
(http://en.wikipedia.org/wiki/Basic_access_authentication) .If you authenticate your rest API calls by this header over a non ssl conection, the problem is that any man in the middle can decode your username and password from your auth header.
To make sure that your password is sent securely , instead of a normal HTTP connection you must use HTTPS . The only difference between HTTP and HTTPS is that HTTPS is using the SSL/TSL security protocol over TCP/IP instead of plain TCP/IP.
Now this has the drawback that establishing a HTTPS connection is more expensive on the cpu than normal HTTP connection.
It is very clear that If you want to authenticate your rest calls on every request with this header you should make your rest API only available to HTTPS connections.
6,24922 gold badges1919 silver badges3636 bronze badges
answered Oct 12 ’13 at 10:22
Ovidiu BuliganOvidiu Buligan
2,5322020 silver badges3232 bronze badges