All Questions

1650
votes
34answers
2693960 views

Why does my JavaScript get a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error when Postman does not?

I am trying to do authorization using JavaScript by connecting to the RESTful API built in Flask. However, when I make the request, I get the following error: XMLHttpRequest cannot load http://myA...
628
votes
13answers
330808 views

RESTful Authentication

What does RESTful Authentication mean and how does it work? I can't find a good overview on Google. My only understanding is that you pass the session key (remeberal) in the URL, but this could be h...
400
votes
6answers
94137 views

Do sessions really violate RESTfulness?

Is using sessions in a RESTful API really violating RESTfulness? I have seen many opinions going either direction, but I'm not convinced that sessions are RESTless. From my point of view: authentica...
79
votes
6answers
58672 views

REST authentication and exposing the API key

I've been reading up on REST and there are a lot of questions on SO about it, as well as on a lot of other sites and blogs. Though I've never seen this specific question asked...for some reason, I ca...
77
votes
3answers
96105 views

How to secure RESTful web services?

I have to implement secure RESTful web services. I already did some research using Google but I'm stuck. Options: TLS (HTTPS) + HTTP Basic (pc1oad1etter) HTTP Digest two-legged OAuth a Cookie-bas...
75
votes
5answers
29070 views

Token Authentication for RESTful API: should the token be periodically changed?

I'm building a RESTful API with Django and django-rest-framework. As authentication mechanism we have chosen "Token Authentication" and I have already implemented it following Django-REST-Framework's...
11
votes
3answers
7055 views

RESTful frameworks for Android, iOS...?

My company is reworking its API and wants to make everything RIGHT for this time ;) Thats the setup... We are delivering data to clients over the internet. Clients are mobile handsets like iPhone, ...
17
votes
1answers
6121 views

WCF, RESTful Web Services and custom authentication

I am beginning to believe I am a grossly incompetent programmer. After a lot of reading, I still cannot figure out how to cleanly implement an authentication mechanism for a RESTful WCF Service. I ha...
91
votes
1answers
34577 views

API Keys vs HTTP Authentication vs OAuth in a RESTful API

I'm working on building a RESTful API for one of the applications I maintain. We're currently looking to build various things into it that require more controlled access and security. While researchin...
72
votes
6answers
76668 views

How do I implement login in a RESTful web service?

I am building a web application with a services layer. The services layer is going to be built using a RESTful design. The thinking is that some time in the future we may build other applications (i...

Previous Next