REST API authorization header or custom header such as X-ABC-Token

Should I use my own HTTP header or the HTTP Authorization header to pass the JSON Web Token in my RESTful services?

I already read the custom header of the HTTP authorization, but could not understand the obvious flaw if I use a header such as X-ABC-Token.

After reading the REST authorization: username / password in the authorization header against the JSON body, I find that permission seems like a good choice.

If I use HTTP authorization, I believe that I can use the channel transfer tool to achieve this, as stated in RFC 6750.

Please suggest the best way to pass this token in every HTTP request.

+4
2 answers

You should not extend the standard protocol functions if existing ones solve your problem. The correct approach is to define your own authorization scheme for the Authorization header.

You can do something like:

Authorization: MyCompanyLogin token="abcdefg...."

+2

Browsers and proxies already know about the authorization header. For example, responses to requests with an authorization header are not cached or cached for only one user.

X-ABC-Token. - , . . , , , Cache-Control: private.

0
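
An added example, not part of either answer: one way a service could read the token from the Authorization header, either as Bearer (RFC 6750) or as the custom `MyCompanyLogin` scheme from the first answer, and fall back to X-ABC-Token while marking the response `Cache-Control: private`. The function names are hypothetical, the sample tokens are constructed, and the auth-param grammar is simplified.

```python
import re

# token68 credential form used by Bearer (RFC 6750)
_TOKEN68 = re.compile(r"^[A-Za-z0-9\-._~+/]+=*$")
# Simplified auth-param: name="quoted value" or name=bare, comma separated
_PARAM = re.compile(
    r'\s*([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')

def parse_authorization(value):
    """Return (lowercased scheme, token) or raise ValueError."""
    scheme, sep, rest = value.strip().partition(" ")
    scheme, rest = scheme.lower(), rest.strip()  # scheme is case-insensitive
    if not sep or not rest:
        raise ValueError("missing credentials")
    if scheme == "bearer":
        if not _TOKEN68.match(rest):
            raise ValueError("malformed bearer token")
        return scheme, rest
    # Custom scheme in the style of: MyCompanyLogin token="..."
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:
            raise ValueError("malformed auth-param")
        name = m.group(1).lower()
        if name in params:
            raise ValueError("duplicate parameter")
        quoted = m.group(2)
        params[name] = (re.sub(r"\\(.)", r"\1", quoted)
                        if quoted is not None else m.group(3))
        pos = m.end()
    if not params.get("token"):
        raise ValueError("no token parameter")
    return scheme, params["token"]

def extract_token(headers, schemes=("bearer", "mycompanylogin")):
    """Return (token, extra response headers) for a dict of request headers."""
    h = {k.lower(): v for k, v in headers.items()}
    if "authorization" in h:
        scheme, token = parse_authorization(h["authorization"])
        if scheme not in schemes:
            raise ValueError("unsupported scheme")
        return token, {}
    if h.get("x-abc-token"):
        # Caches give a custom header no special treatment, so the service
        # itself must keep the response out of shared caches.
        return h["x-abc-token"], {"Cache-Control": "private"}
    raise ValueError("no credentials")
```
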

Source: https://habr.com/ru/post/1616932/

