Juliatzin

Reputation: 19695

What is the point of getting a token with basic auth for my APIs?

I've seen a lot of ways of authenticating APIs where I get a token that has an expiration time with basic auth. Then I use this token in all my API calls to access my API.

First of all, what is the name of this kind of authentication? Token-based auth?

Then what is the point of getting a bearer token when, in the end, I could just do it with basic auth?

At a security level, if the user / pass in basic auth is compromised, a token can be generated easily on demand.

I wonder what the extra value of that is? If the token is a JWT, I can get info about the user, this is ok, but I could easily do the same thing from the basic auth information.

Upvotes: 0

Views: 238

Answers (1)

Tschösi

Reputation: 579

If, for example, you have some application running on a server that needs to communicate with an API, it's safer to only store the token on that server. In case your server gets compromised, you only need to revoke that token, and your credentials are not leaked.

Upvotes: 1
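The revocation point made in the answer above, as an added example that is not part of the original posts: the password is exchanged once for an expiring random token, each server holds its own token, and revoking one token leaves the other token and the password untouched. `TokenAuth`, `svc-app`, the 900-second lifetime and the in-memory stores are hypothetical names and values chosen for illustration.

```python
import hashlib, hmac, secrets, time

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class TokenAuth:
    """Hypothetical token endpoint: password checked once, API calls carry a token."""
    def __init__(self, ttl=900):
        self.ttl = ttl
        self.users = {}    # username -> (salt, PBKDF2 hash of password)
        self.tokens = {}   # sha256(token) -> (username, expiry); raw tokens not stored

    def add_user(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, _kdf(password, salt))

    def login(self, user, password, now=None):
        """Basic-auth step: exchange user/pass for an expiring random token."""
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(_kdf(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        now = time.time() if now is None else now
        self.tokens[_digest(token)] = (user, now + self.ttl)
        return token

    def authenticate(self, token, now=None):
        """Bearer step: username, or None if the token is unknown, expired or revoked."""
        user, expiry = self.tokens.get(_digest(token), (None, 0))
        return user if (time.time() if now is None else now) < expiry else None

    def revoke(self, token):
        self.tokens.pop(_digest(token), None)

def demo():
    auth = TokenAuth(ttl=900)
    auth.add_user("svc-app", "constructed-password")        # constructed credentials
    server_a = auth.login("svc-app", "constructed-password", now=0)
    server_b = auth.login("svc-app", "constructed-password", now=0)
    auth.revoke(server_a)                                    # server A was compromised
    return {
        "revoked": auth.authenticate(server_a, now=10),      # None
        "other": auth.authenticate(server_b, now=10),        # "svc-app"
        "expired": auth.authenticate(server_b, now=900),     # None
        "password_ok": auth.login("svc-app", "constructed-password", now=10) is not None,
    }
```
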
