There is a web application, and I want to be able to use the smartphone application that I made myself, so I would like to make the operations that I use in the web application into an API and accept the operations from my smartphone. Do you have any design best practices around certification? I remember user/pass in the app, and I can think of an API that does Basic authentication with user/password every time, but I remember a little bit of discomfort in sending the password every time.
ios android api authentication-authorization
I don't know if it's a best practice, but I think it's common to handle authorization with OAuth.
To put it roughly, before making API communications, send a username/password to the authorization server to obtain an access token to allow API communications.
Then, by placing the access token on the API request header, etc., you can determine if the request has been accepted.
Please look into the details. (The explanation may be wrong because it is difficult to use words around here, but if you look up OAuth 2.0, you'll find out more.)
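The exchange described in the answer above, as an added example that is not part of the original post: an in-process sketch in which the password is sent once to obtain a short-lived token, and every later API call carries only `Authorization: Bearer <token>`. The names `AuthServer`, `handle_api_request` and `TOKEN_TTL` are hypothetical; a real deployment would run this over HTTPS with an established OAuth 2.0 implementation.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 900  # seconds; assumed lifetime for this sketch

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:
    """Toy authorization server: exchanges credentials for a short-lived token."""
    def __init__(self):
        self._users = {}   # username -> (salt, password hash)
        self._tokens = {}  # sha256(token) -> (username, expiry); raw tokens are never stored

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _pw_hash(password, salt))

    def issue_token(self, username, password, now=None):
        """The only call that ever sees the password."""
        now = time.time() if now is None else now
        # Unknown users get a dummy record so the hash is still computed.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(_pw_hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)  # opaque, unguessable
        key = hashlib.sha256(token.encode()).digest()
        self._tokens[key] = (username, now + TOKEN_TTL)
        return {"access_token": token, "token_type": "Bearer", "expires_in": TOKEN_TTL}

    def introspect(self, token, now=None):
        """Return the username for a live token, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self._tokens.get(hashlib.sha256(token.encode()).digest())
        if entry is None or entry[1] <= now:
            return None
        return entry[0]

def handle_api_request(auth, headers, now=None):
    """Resource API: accepts only 'Authorization: Bearer <token>'."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user = auth.introspect(token, now) if scheme.lower() == "bearer" and token else None
    if user is None:
        return 401, {"WWW-Authenticate": "Bearer"}, None
    return 200, {}, {"user": user}
```

On a 401 the app requests a new token instead of replaying the password on each call, so a leaked token exposes at most one TTL window.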