Last post Nov 10, 2015 04:13 AM by Weibo Zhang
Nov 07, 2015 07:43 AM|BehroozBahrameh|LINK
I'm developing api's for a game and I need to know in each call witch user in game called server api's.
I've read RESTFULL api is state less and By adding session (or anything else of that kind) you are making it stateful and defeating any purpose of having a RESTful API. So, what is the best practice to authentication and authorization request? Now, client
post login request, server generate hash token and store and return to client, client put it in all other request header and server find user by this token.
Nov 07, 2015 12:02 PM|damienBod|LINK
If its a MVC client, you can use a different OAuth2 flow.
Nov 10, 2015 04:13 AM|Weibo Zhang|LINK
You could take a look at the following blog that talks about the considerations for some of the common methods to authentication the Web API.
If you want to custom the returned userinfo,you could have a look at the following link.
I hope it’s useful to you.