I use Spring MVC and Spring HATEOAS to create a secure and stateless JSON API.
Everything works perfectly. But I have a "conceptual" question. My API uses an authentication token in every request. For example, you use the login API to get your authentication token, and when you call my API, you should use it like this:
http://some_host/api/foo/bar?token=abcd
The API always responds with JSON, and the links are generated through Spring HATEOAS. For example:
{
  "label" : "foo",
  "links" : [
    {
      "rel" : "self",
      "href" : "http://some_host/api/foo/bar/1234656"
    }
  ]
}
Question: Should I add an authentication token in the generated URL? (so it will be http://some_host/api/foo/bar/1234656?token=abcd)
I cannot find any advice or agreements on this.
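
One way a client can follow the generated links when the server leaves them token-free, as an added example that is not part of the original question: the client appends its own token at request time, and only to links that point at the API's own host. The class and method names and the `other_host` link are hypothetical; the token and host are the placeholders from the question.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class LinkTokenExample {
    // Assumed API root, built from the placeholder host used in the question.
    static final URI API_BASE = URI.create("http://some_host/api/");

    /** True only when the link has the same scheme and authority (host[:port]) as the API. */
    static boolean sameOrigin(URI link) {
        // equalsIgnoreCase(null) is false, so relative or scheme-less links are rejected.
        return API_BASE.getScheme().equalsIgnoreCase(link.getScheme())
            && API_BASE.getRawAuthority().equalsIgnoreCase(link.getRawAuthority());
    }

    /** Appends token=<value> to the link's query string, keeping any existing query and fragment. */
    static URI withToken(String href, String token) {
        URI link = URI.create(href);
        String param = "token=" + URLEncoder.encode(token, StandardCharsets.UTF_8);
        int hash = href.indexOf('#');
        String base = hash >= 0 ? href.substring(0, hash) : href;
        String fragment = link.getRawFragment() == null ? "" : "#" + link.getRawFragment();
        String separator = link.getRawQuery() == null ? "?" : "&";
        return URI.create(base + separator + param + fragment);
    }

    public static void main(String[] args) {
        String token = "abcd"; // placeholder token from the question
        // Constructed sample: hrefs as they would appear in the "links" array of a response.
        List<String> hrefs = List.of(
            "http://some_host/api/foo/bar/1234656",
            "http://other_host/api/foo/bar/1"); // constructed link to a different host
        for (String href : hrefs) {
            URI link = URI.create(href);
            // The token is attached only when the link stays on the API's own origin.
            URI target = sameOrigin(link) ? withToken(href, token) : link;
            System.out.println(href + " -> " + target);
        }
    }
}
```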