Using Sessions vs Tokens for API authentication

情深已故 2020-12-23 08:04

I have built a simple test API for a CakePHP application that will let a user log in from a mobile device (or any device for that matter) and get a JSON response. This API co

4 answers
  •  旧巷少年郎
    2020-12-23 09:04

    A RESTful API restricts using sessions and saving system state at all. Each request must log in the user. Access tokens are great but also require additional handling.
    The easiest way is to send authorisation data via HTTP Basic Auth ("Authorization" HTTP header).
    http://www.httpwatch.com/httpgallery/authentication/
    Mobile applications can easily do that, and it is easy to add this header to each request to the API.
    On the server side:

    $username = env('PHP_AUTH_USER');  
    $password = env('PHP_AUTH_PW'); 
    

    And process user log-in with this data in ApiAppController->beforeFilter()
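
The per-request check described in the answer above, as an added example that is not part of the original answer or of CakePHP. The function names, the `$users` map of password hashes and the sample request are assumptions; plain PHP server variables stand in for CakePHP's `env()`.

```php
<?php
// Hypothetical helpers for illustration; not CakePHP API and not the answerer's code.

// Return [user, pass] from the request's server variables, or null.
function basicCredentials(array $server): ?array
{
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }
    // Some CGI/FPM setups pass only the raw header.
    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    if (stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($header, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // the password may itself contain ':'
}

// Return the authenticated username, or null (caller should answer 401).
// $users maps username => password_hash() output (assumed storage format).
function authenticateApiRequest(array $server, array $users): ?string
{
    // Basic credentials are only base64-encoded, so refuse plain HTTP.
    if (empty($server['HTTPS']) || $server['HTTPS'] === 'off') {
        return null;
    }
    $creds = basicCredentials($server);
    if ($creds === null) {
        return null;
    }
    [$user, $pass] = $creds;
    // Unknown users are checked against a dummy hash to keep timing uniform.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $known = isset($users[$user]);
    $ok = password_verify($pass, $known ? $users[$user] : $dummy);
    return ($known && $ok) ? $user : null;
}

// Constructed sample data.
$users = ['alice' => password_hash('s3cret:pw', PASSWORD_DEFAULT)];
$req = ['HTTPS' => 'on', 'HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:s3cret:pw')];
var_dump(authenticateApiRequest($req, $users));                      // valid credentials over HTTPS
var_dump(authenticateApiRequest(['HTTPS' => 'off'] + $req, $users)); // same credentials over plain HTTP
var_dump(authenticateApiRequest(['HTTPS' => 'on'], $users));         // no credentials sent
```

When the function returns null, the API should respond with status 401 and a `WWW-Authenticate: Basic` header. Behind a TLS-terminating proxy the `HTTPS` variable may not be set, so the transport check has to use whatever signal that deployment trusts.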
