REST Authorization: username/password in the Authorization header versus the JSON body

I use a token-style authentication process. After the client receives the token, it is either stored in the client's cookie (for the web) or sent in the Authorization header of the client's requests (for mobile devices). However, in order to receive a valid token, the client must first "log in" using a valid username and password combination. My question is this:

Is there any added security in sending the username/password combination in the Authorization header versus as parameters in the body of the JSON request (given that I use HTTPS)?

I only need to send the username/password combination "once" per session to get the token. Am I gaining anything by doing this basic-auth style?

+3
1 answer

There is no added security in sending the credentials in the Authorization header versus the JSON body. The advantage of using the Authorization header is that you are using standardized HTTP semantics, so you don't need to document precisely what clients have to do; you can simply refer them to the RFC.


+3
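To make the answer concrete, here is an added example (not code from the question or the answer) of a login endpoint that accepts the credentials through either transport discussed above, parses the `Basic` scheme per RFC 7617 (case-insensitive scheme token, split on the first colon only, malformed base64 rejected), verifies them once and hands back an opaque session token. The user store, salt, `headers` dict and request body are all constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo user store (not the asker's system); a real service would use argon2/bcrypt.
_SALT = b"demo-salt"
USERS = {"alice": hashlib.sha256(_SALT + b"s3cret:pw").hexdigest()}

def make_basic_header(user, password):  # client side, RFC 7617: base64("user:password")
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")

def parse_basic_authorization(header_value):
    """Server side: parse a Basic credential; returns (user, password) or None."""
    scheme, _, blob = (header_value or "").strip().partition(" ")
    if scheme.lower() != "basic" or not blob:  # the scheme token is case-insensitive
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # malformed base64 or non-UTF-8 bytes
        return None
    user, sep, password = decoded.partition(":")  # split on the FIRST colon only:
    if not sep:                                   # the password itself may contain colons
        return None
    return user, password

def credentials_from_request(headers, body):
    """Accept either transport from the question: Authorization header, else JSON body."""
    creds = parse_basic_authorization(headers.get("Authorization"))
    if creds:
        return creds
    try:
        data = json.loads(body or "{}")
        user, password = data["username"], data["password"]
    except (json.JSONDecodeError, KeyError, TypeError):  # not an object, or fields missing
        return None
    return (user, password) if isinstance(user, str) and isinstance(password, str) else None

def login(headers, body):
    """Verify the credentials once and issue an opaque session token, or None."""
    creds = credentials_from_request(headers, body)
    if creds is None:
        return None
    user, password = creds
    given = hashlib.sha256(_SALT + password.encode("utf-8")).hexdigest()
    expected = USERS.get(user, "")  # hash even for unknown users; compare in constant time
    if not expected or not hmac.compare_digest(given, expected):
        return None
    return secrets.token_urlsafe(32)
```

Both paths end in the same verification, which is the answer's point: the header buys standard, documented client behaviour, not extra protection of the secret itself.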

Source: https://habr.com/ru/post/1616935/

