Custom HTTP Authorization Header

Question

I was wondering if it\'s acceptable to put custom data in an HTTP authorization header. We\'re designing a RESTful API and we may need a way to specify a custom method of au

Answer 1

Put it in a separate, custom header.

Overloading the standard HTTP headers is probably going to cause more confusion than it's worth, and will violate the principle of least surprise. It might also lead to interoperability problems for your API client programmers who want to use off-the-shelf tool kits that can only deal with the standard form of typical HTTP headers (such as Authorization).