ma11hew28
Reputation: 126309
Pass Access Token via Basic Auth vs Query String
When designing an API, is it best to allow the client to pass an access token only via basic access authentication, as does the Stripe API, or only via query string, as does the Facebook's Graph API, or via both, as does the GitHub API?
Upvotes: 4
Views: 1440
Answers (1)
Mendhak
Reputation: 8775
As often comes up in similar threads, it is ideal/better to put it in the header. However, when it comes to compatibility or legacy technologies (JSONP) or insincere proxies (remove headers), you end up having to put it in the querystring.
In other words, you put it into the querystring in order to be as 'compatible' and accessible as possible to all client technologies.
Upvotes: 3
Related Questions
- Web API Authentication Basic vs Bearer
- Access token vs username/password for API request
- What is the point with getting a token with a basic auth for my APIs
- Which is more better between basic auth and token auth as security perspective
- API Design: HTTP Basic Authentication vs API Token
- Authorization and the query string in REST API design
- authenctication token in a queryString
- REST Authorization: Username/Password in Authorization Header vs JSON body
- Basic authentication vs token authentication
- Should I still provide basic authentication for my API