I am new to the concept of RESTful APIs.
I am designing a RESTful API for an online store.
I have not properly understood the concept of basic HTTP authentication over SSL.
Does that mean, for every request, the user will have to enter his/her username and password again?
Can somebody please explain in detail how it functions and how it is meant to be used?
Thanks in advance.
Basic authentication is just a standard HTTP header with the user and pass encoded in base64:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
(http://en.wikipedia.org/wiki/Basic_access_authentication). If you authenticate your REST API calls by this header over a non-SSL connection, the problem is that any man in the middle can decode your username and password from your auth header.
To make sure that your password is sent securely, instead of a normal HTTP connection you must use HTTPS. The only difference between HTTP and HTTPS is that HTTPS is using the SSL/TLS security protocol over TCP/IP instead of plain TCP/IP.
Now this has the drawback that establishing an HTTPS connection is more expensive on the CPU than a normal HTTP connection.
It is very clear that if you want to authenticate your REST calls on every request with this header, you should make your REST API only available to HTTPS connections.
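To make the answer above concrete, here is an added example (not code from the question or the answer) in Python. It builds the Authorization header the way a client does, decodes it the way a man in the middle on plain HTTP would (base64 is an encoding, not encryption, so the credentials come straight back out), and checks it the way a server would, with a constant-time password comparison. The user table, user names and passwords are constructed for the example.

```python
import base64
import binascii
import hmac

# Constructed sample user table (assumption: a real server would store
# password hashes, e.g. bcrypt/argon2, never plaintext as done here).
USER_DB = {"Aladdin": "open sesame"}


def build_basic_header(username, password):
    """Client side: produce the value of the Authorization header.

    The scheme is simply base64("user:pass"); nothing about it is secret.
    """
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic_header(header):
    """Recover (username, password) from a Basic header, or None if malformed.

    This is exactly what a man in the middle does on an unencrypted HTTP
    connection: no key is needed, only a base64 decode.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # validate=True rejects non-base64 characters instead of silently
        # discarding them.
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    # Split on the FIRST colon only: usernames may not contain ':' but
    # passwords may, so "bob:a:b" means user "bob", password "a:b".
    username, sep, password = text.partition(":")
    if not sep:
        return None
    return username, password


def authenticate(header, user_db=USER_DB):
    """Server side: True if the header carries a valid user/password pair."""
    creds = decode_basic_header(header)
    if creds is None:
        return False
    username, password = creds
    # Look up with a default so that unknown and known users both go through
    # the comparison below; compare_digest keeps the check constant-time
    # with respect to the password contents.
    expected = user_db.get(username, "")
    password_ok = hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
    return password_ok and username in user_db


if __name__ == "__main__":
    header = build_basic_header("Aladdin", "open sesame")
    print("client sends  :", header)
    print("MITM recovers :", decode_basic_header(header))
    print("server accepts:", authenticate(header))
```

Because the server must redo this check on every request, the client has to resend the header every time; the browser (or an HTTP client library) caches the credentials after the first prompt and attaches the header automatically, so the user is not asked again, but the credentials still travel on every request, which is why the whole API must be served over HTTPS only.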