Auth Headers vs #jwt vs Sessions — How to Choose the Right Auth Technique for APIs
▻https://hackernoon.com/auth-headers-vs-jwt-vs-sessions-how-to-choose-the-right-auth-technique-f
Authenticating REST APIs calls for selecting the right technique for your application. There are several ways:

There are two choices for Single Page Applications:
Session-based authentication
Token-based authentication

The questions that need to be asked are:
Should the sessions be invalidated before they expire? If yes, sessions must be preferred.
Should the session end based on inactivity, as against ending after a fixed time? If yes, sessions must be preferred.
Will mobile applications use the same APIs? If yes, prefer token-based #authentication (but ensure a separate #api is built for these use cases).
Is your web framework protected against CSRF? Prefer token-based authentication if it is a “No” or if you don’t know what CSRF is.

If token based authentication is (...)