APIs: Do you need to send the authentication header token with every request?

Time:10-22

I'm currently making an API and wanted to know if the API user has to send the token every time they make a request. I'm using Flask_JWT_Extended to handle authentication with the API. The token gets sent in the header.

CodePudding user response:

Yes, that's one of the consequences of the REST "stateless" constraint.

"each request from client to server must contain all of the information necessary to understand the request" -- Fielding 2000

CodePudding user response:

When you use JWT as authentication and authorization, yes - your consumer needs to send the token with every request to prove that he is authenticated.

The idea is:

  • authenticate against a login service
  • obtain a token
  • use this token against multiple services which do not need to store/share a session

You can implement a session even with JWT and require your user to send a session cookie or similar - but doing so, you have the problem that you need to share the server-side session among different services, where JWT is a way to get rid of it.

Of course, the JWT token itself is larger in size than a simple cookie in many cases, but that should not be such a big deal nowadays.
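
The flow listed above, as an added standard-library sketch (not part of either answer and not Flask-JWT-Extended's own code): a login step issues an HS256 token once, and each service re-verifies the `Authorization: Bearer` header on every request without any shared session. The secret, function names and service names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value; every verifying service shares it

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user, ttl=900, now=None):
    """Login service: called once, after the credentials were checked."""
    now = time.time() if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user, "exp": int(now) + ttl}).encode())
    return f"{header}.{payload}.{b64url(sign(header + '.' + payload))}"

def authenticate(headers, now=None):
    """Any service: identify the caller from this request alone, no session store."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return None  # header absent or malformed: the request is anonymous
    header, payload, sig = token.split(".")
    now = time.time() if now is None else now
    try:
        if not hmac.compare_digest(sign(header + "." + payload), b64url_decode(sig)):
            return None  # forged or altered token
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # only the algorithm this sketch issues is accepted
        claims = json.loads(b64url_decode(payload))
        return claims["sub"] if claims["exp"] > now else None  # expired -> reject
    except (ValueError, KeyError, TypeError, AttributeError):
        return None  # undecodable or unexpected token contents

def handle(service, headers):
    """Constructed endpoint: nothing is remembered between calls."""
    user = authenticate(headers)
    if user is None:
        return 401, "missing or invalid token"
    return 200, f"{service}: hello {user}"
```

A request that omits the header is rejected even if the same client was accepted a moment earlier, which is the stateless behaviour both answers describe.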
