Timeline for How should an API use http basic authentication
Current License: CC BY-SA 3.0
9 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 18, 2012 at 17:28 | answer | added | Nathan Pilling | timeline score: 7 | |
| Sep 18, 2012 at 3:26 | answer | added | Brendan Green | timeline score: 0 | |
| Sep 14, 2012 at 3:01 | history | tweeted | twitter.com/#!/StackProgrammer/status/246443477842415617 | ||
| Sep 12, 2012 at 15:33 | comment | added | Paul Sylling | What are your thoughts on the part of my question about end user auth and api auth. I am still unsure on this | |
| Sep 12, 2012 at 15:05 | comment | added | Yam Marcovic | Cookies are just a way for browser users to seamlessly store session tokens. If you're interacting with a developer, this doesn't need to be seamless. You can set up a public connection service which grants "tickets", and developers can keep their ticket in-memory or wherever they'd like. Note that I have no practical web services experience and there are probably standard solutions for this kind of stuff. | |
| Sep 12, 2012 at 14:56 | comment | added | Paul Sylling | If cookies are not recommended, how/where do you store the creds to pass to the api? | |
| Sep 12, 2012 at 14:11 | comment | added | Yam Marcovic | Note that cookies aren't part of the HTTP protocol, and are merely a common browser feature. So if you're not deploying for web, forget about them. | |
| Sep 12, 2012 at 13:47 | history | edited | Paul Sylling | CC BY-SA 3.0 |
edited per feedback
|
| Sep 12, 2012 at 10:22 | history | asked | Paul Sylling | CC BY-SA 3.0 |