REST API Authentication and Authorization, best practices?

Samrat Roy

Aug 18, 2017, 7:59:50 AM
to API Craft
Hi All,

I want to implement REST authentication and role-based authorization. I have tried the authentication part with Basic, Digest, JWS and JWT. I want to know if there is any other industrial-level technique for authentication. How do I achieve role-based authorization?

Peter Williams

Aug 23, 2017, 5:04:43 PM
to api-...@googlegroups.com
I have used OAuth2 (RFC 6749) in several APIs with good success. There are a large number of high-quality libraries for clients (and to some extent, servers). The introspection API defined in RFC 7662 provides a convenient way (via extension fields) for a resource server to retrieve the roles allowed by a bearer token.

Peter
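
The resource-server side of the RFC 7662 approach described above, as an added example that is not part of Peter's message or of any library: it posts the bearer token to the introspection endpoint and makes a fail-closed role decision from the response. The `roles` extension field name, the `orders-api` audience, the decision to require `aud`, and the sample responses are all assumptions made for illustration.

```python
import base64, json, time, urllib.parse, urllib.request

ROLES_FIELD = "roles"  # assumed extension field name; RFC 7662 does not define it


def introspect(endpoint, token, client_id, client_secret):
    """POST the token to an RFC 7662 introspection endpoint, authenticating
    the resource server with HTTP Basic credentials, and return the JSON."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        endpoint,
        data=urllib.parse.urlencode({"token": token}).encode(),
        headers={"Authorization": f"Basic {creds}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def authorize(resp, required_role, audience, now=None):
    """Return (allowed, reason) for one introspection response; fails closed."""
    now = time.time() if now is None else now
    # "active" is the only required member; accept nothing but a JSON true.
    if not isinstance(resp, dict) or resp.get("active") is not True:
        return False, "inactive"
    exp = resp.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or now >= exp):
        return False, "expired"
    # Policy assumption: this API insists the token was issued for it.
    aud = resp.get("aud")
    aud = [aud] if isinstance(aud, str) else aud
    if not isinstance(aud, list) or audience not in aud:
        return False, "wrong audience"
    roles = resp.get(ROLES_FIELD, [])
    if isinstance(roles, str):  # tolerate a space-delimited string, like "scope"
        roles = roles.split()
    if not isinstance(roles, list) or required_role not in roles:
        return False, "missing role"
    return True, "ok"


# Constructed sample responses, not captured from a real authorization server.
SAMPLES = {
    "admin": {"active": True, "exp": 2000, "aud": "orders-api", "roles": ["admin", "reader"]},
    "reader": {"active": True, "exp": 2000, "aud": ["orders-api"], "roles": "reader"},
    "revoked": {"active": False},
    "truthy": {"active": "true", "exp": 2000, "aud": "orders-api", "roles": ["admin"]},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, authorize(sample, "admin", "orders-api", now=1000))
```
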


MattM

Sep 7, 2017, 2:39:09 AM
to API Craft
Hi Samrat,

Sorry for the late reply! :-) I think this is an excellent article that defines the current state of the art for API Access Control: https://nordicapis.com/api-security-oauth-openid-connect-depth/

Thanks, m@

Samrat Roy

Sep 7, 2017, 2:41:46 AM
to api-...@googlegroups.com
Hi MattM,

It's OK. Thanks for the info, I will definitely look into it.

--
Regards,
Samrat Roy
+918147635710