Security in Web service api
Hi everybody,
Currently, I'm building a website service which provides API for the native app. And I'm considering some solution for security like base auth and token.
Can you suggest some solution for it ?
Thank you so much.
2 comments
[ 4.4 ms ] story [ 15.1 ms ] threadFor auth, my favorite auth is two fold
For API access => Signature based verification, signing each and every request using a known signature algorithm with the secret key (only known to you and the app developer).
For users => Token based authentication (lots of open source solutions out there).