I'm developing a RESTful web app that uses some popular web framework on the backend, say (rails, sinatra, flask, express.js). Ideally, I want to develop client side wit
Here's what I do:
Secure the API with an HTTP Header with calls such as X-APITOKEN:
Use session variables in PHP. Have a login system in place and save the user token in session variables.
Call JS code with Ajax to PHP and use the session variable with curl to call the API. That way, if the session variable is not set, it won't call and the PHP code contains the Access Token to the API.
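
The setup described in the answer above, sketched as an added example that is not part of the original post: a PHP script the browser calls via Ajax, which checks the session and only then forwards the request with the `X-APITOKEN` header. The upstream URL, the `API_TOKEN` environment variable, the `user_token` session key and the resource allowlist are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// proxy.php (added example): the browser never sees the API token.
// Hypothetical values, not from the original post: upstream URL,
// env var name, session key, and the list of allowed resources.
const UPSTREAM_BASE = 'https://api.example.invalid/v1/';
const ALLOWED_RESOURCES = ['profile', 'orders'];

function fail(int $status, string $message): void
{
    http_response_code($status);
    echo json_encode(['error' => $message]);
    exit;
}

session_start();
header('Content-Type: application/json');

// The login system stored a token in the session; no session, no API call.
if (empty($_SESSION['user_token'])) {
    fail(401, 'not logged in');
}

// Forward only to known resources so the proxy cannot be aimed at other URLs.
$resource = $_GET['resource'] ?? '';
if (!is_string($resource) || !in_array($resource, ALLOWED_RESOURCES, true)) {
    fail(400, 'unknown resource');
}

// The API token lives server-side only (environment, not the web root).
$apiToken = getenv('API_TOKEN');
if ($apiToken === false || $apiToken === '') {
    fail(500, 'server not configured');
}

$ch = curl_init(UPSTREAM_BASE . $resource);
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER     => ['X-APITOKEN: ' . $apiToken, 'Accept: application/json'],
    CURLOPT_TIMEOUT        => 10,
    CURLOPT_FOLLOWLOCATION => false, // do not carry the token across redirects
]);
$body = curl_exec($ch);
if ($body === false) {
    fail(502, 'upstream request failed');
}

// Relay the upstream status and body unchanged to the Ajax caller.
http_response_code(curl_getinfo($ch, CURLINFO_HTTP_CODE));
echo $body;
```

Because the session cookie is what authorizes the call, the script is only as strong as the session handling around it: cookies set `HttpOnly`, `Secure` and `SameSite`, plus a CSRF check on any state-changing request.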