We currently have a SOAP-based web service that our internal applications use to authenticate users. Basically, they send a SOAP request with username and password. The web service authenticates its credentials against our data store and returns user information if authentication was successful. The web service is protected using BASIC and SSL authentication.
We need to make changes to this web service, and I was considering re-writing it as a REST service. The REST services that I created in the past were fairly simple and did not require security. I never created a REST service that used confidential information, so I have a few questions / issues:
First, is there a best practice for reliably sending confidential request parameters (user credentials) to the REST service? I can still use BASIC and SSL authentication.
Secondly, if I send a request to the REST service using POST, is it still considered RESTful or is GET required for REST requests?