How to handle authentication in PHP REST web service?

Question

How to handle authentication in PHP REST web service?

I read that a good way to write web services to use from mobile applications is to avoid SOAP (too verbose) and use REST; in many REST examples I saw that it is better to avoid sessions due to the lack of state without REST ... but how can I ensure security when calling my web service? I would like to do a “login” and then pass the session_id / token to the next webservice call ... How to do this?

+5

rest php

Cris Mar 07 '11 at 11:35

source share

2 answers

Thiefmaster · Answer 1 · 2011-03-07T14:24:45+0000

The cleanest way is to use HTTP authentication. You have not noticed that it will be much simpler and more understandable (API calls are not related to other API calls, and clients do not need to wait for session timeouts, etc.).

Artur marnik · Answer 2 · 2011-03-07T14:18:23+0000

You can pass the user token (and the session or any other authentication data if you need it) in a json request, for example:

{"auth": {"session_id": "abc", "token":"123"},
 "data": "your request data"
}

If you are crazy about security, you can generate a new token after each user login, and even have a lifetime for tokens.

How to handle authentication in PHP REST web service?

More articles: