tags:

views:

333

answers:

3
+1  Q: 

Most RESTful Authentication Approach - Who is using it?

Duplicate: this must be a duplicate of one of the questions that come up in the following search: http://stackoverflow.com/questions/tagged/rest+authentication. Please close it as a duplicate if you agree, and add any answers to one of the other questions.

What is the most RESTful form of authentication? What websites use it? (so I can go look at the documentation).

Looking at some APIs that claim to be REST are really POX
(ex. Remember the Milk - http://www.rememberthemilk.com/services/api/methods/)

+1  A: 

I don't know if this is the 'most RESTful' form, but Amazon's S3 uses an authentication method which is documented here. Each request is signed, so there is no session to track on the backend, but you can still securely verify what user issued the request.

ryanday  2009-07-27 15:17:02
+1. This sort of makes sense. Is there a good hashing/crypto JavaScript lib that you'd recommend?
tyndall  2009-07-27 19:04:27
Not that I've used in production. I tried to go with this method for a project at work, but we ended up using Flex/amfphp instead. Sorry!
ryanday  2009-07-27 19:50:52
+1  A: 

The most RESTful authentication method is probably HTTP Basic. Because it has some significant weaknesses (replay attacks), most APIs tend to shy away from it.

Joe Liversedge  2009-07-27 15:23:56
Good point. +1.
tyndall  2009-07-27 18:51:12
A: 

Open Sourcery has a well-thought-out article on RESTful authentication. Sounds like there are no awesome solutions right now beyond simple user/pass auth over SSL and then keeping auth info in subsequent request headers.

jtsnake  2009-08-19 23:56:10

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?