REST token authentication with HTTP header

终归单人心 2021-01-06 16:58

This is an existing system with a login screen; now I expose some services as REST services. I build an authentication-token login system for this REST (Jersey) service. User

2 answers
  •  南方客 (original poster)
    2021-01-06 17:13

    1. I would typically pass the token in an HTTP header.

    2. Whether you use POST or PUT shouldn't matter.

    3. Something else I would suggest to help prevent replay type attacks would be to include a nonce (ever increasing value) with each POST request. The server would then track the last used nonce and prevent any requests that use a previously used nonce from executing.
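
One way to implement the nonce check from point 3, as an added example that is not part of the original answer. The header names `X-Auth-Token` and `X-Nonce`, the class `NonceGuard` and the sample token are assumptions made for illustration; the guard expects the token to have been validated already.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: per-token replay guard based on an ever-increasing nonce.
public class NonceGuard {
    static final String TOKEN_HEADER = "X-Auth-Token"; // assumed header name
    static final String NONCE_HEADER = "X-Nonce";      // assumed header name

    // Highest nonce accepted so far for each (already validated) token.
    private final Map<String, Long> lastNonce = new ConcurrentHashMap<>();

    /** True only if the nonce is strictly greater than the last one accepted for this token. */
    public boolean accept(Map<String, String> headers) {
        String token = headers.get(TOKEN_HEADER);
        String raw = headers.get(NONCE_HEADER);
        if (token == null || raw == null) {
            return false; // missing token or nonce: fail closed
        }
        final long nonce;
        try {
            nonce = Long.parseLong(raw.trim());
        } catch (NumberFormatException e) {
            return false; // malformed nonce: fail closed
        }
        if (nonce < 0) {
            return false;
        }
        // compute() is atomic per key, so two concurrent requests carrying
        // the same nonce cannot both pass the comparison.
        boolean[] fresh = {false};
        lastNonce.compute(token, (key, prev) -> {
            if (prev == null || nonce > prev) {
                fresh[0] = true;
                return nonce;
            }
            return prev; // equal or older nonce: keep state, reject request
        });
        return fresh[0];
    }

    public static void main(String[] args) {
        NonceGuard guard = new NonceGuard();
        // Constructed sample requests; "tok-abc" is a placeholder token.
        Map<String, String> first = Map.of(TOKEN_HEADER, "tok-abc", NONCE_HEADER, "41");
        Map<String, String> second = Map.of(TOKEN_HEADER, "tok-abc", NONCE_HEADER, "42");
        System.out.println("first request:  " + guard.accept(first));
        System.out.println("second request: " + guard.accept(second));
        System.out.println("first resent:   " + guard.accept(first));
        System.out.println("no nonce:       " + guard.accept(Map.of(TOKEN_HEADER, "tok-abc")));
    }
}
```

In a Jersey service this check would sit in a request filter that runs after the token has been validated. The counter only protects requests whose nonce cannot be altered in transit, so send it over TLS or include it in a request signature.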
