Reputation: 85
MVC - Is storing API Token on the Client Session a valid rest aproach?
I have a MVC4 application used to comunicate with an API,
this application get a Bearer Token from the API on the first login,
then the token must be sent to the api on each request.
Just to be clear, it's like this :
[MVC Website] <-> [API] <-> [SQL database]
Session with token would be on the MVC website, not the api...
As such, since the MVC4 application is the client of the API,
is it a good approach to store this Token in the Session of the MVC4 wesite?
No exchange is made with the API exept the request, so it's still stateless, or am i missing something?
Thanks for the help !
Upvotes: 1
Views: 569
Answers (1)
Reputation: 44680
If you have reasons to store token in ASP.NET MVC client application session, you can do it. I would say, session (and maybe database) is the best place to store API auth token.
The only problem you have to handle is token expiration.
Upvotes: 1
Related Questions
- Is is safe to store access token in session storage of client browser?
- Token Based Authentication MVC 5
- How to store token in mvc cookie and send it to api
- Where to store Bearer Token in MVC from Web API
- C# MVC API controller - token authentication in URL?
- use asp.net web api token to authenticate on mvc web site
- Authenticate MVC clients with Web API Tokens
- ASP.NET 5 Web Api Token Based Authentication
- Token-based Authorization in Existing ASP.NET MVC App
- asp.net MVC/WEB API - How to store authorization token