API Design: HTTP Basic Authentication vs API Token

走了就别回头了 2021-01-29 22:37

I'm currently creating an authentication system in front of a public web API for a web application. Given that each user account has an API key and each request must be authent

4 Answers
  •  轮回少年
    2021-01-29 22:52

    I would prefer using the token solution. If you don't have actual users with their own username and password, then it feels like you are using the Basic Auth construct not as intended. Not that that's necessarily wrong, but not as clean, IMO. It also removes the need to use custom headers and I think it makes implementation on both sides easier and cleaner. The next question I would be asking is if you should be using two-factor authentication or if you need to manage sessions at all.
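An added example, not part of the original question or answers: a server-side check that accepts the per-user API key either through HTTP Basic or as a Bearer token, so the two options can be compared side by side. The key-as-username convention for Basic, the function names and the sample key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample data: the server stores only SHA-256 digests of API keys.
SAMPLE_KEY = "demo-key-0001"  # constructed value, not a real credential
KEY_DIGESTS = {"alice": hashlib.sha256(SAMPLE_KEY.encode()).hexdigest()}


def extract_api_key(authorization):
    """Return the API key carried by an Authorization header, or None.

    Assumed conventions (not from the page): Basic carries the key as the
    username with an empty password; Bearer carries the key itself.
    """
    if not authorization:
        return None
    scheme, _, value = authorization.strip().partition(" ")
    value = value.strip()
    if scheme.lower() == "bearer":
        return value or None
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:
            return None  # malformed base64 or bytes that are not UTF-8
        username, sep, password = decoded.partition(":")
        # Reject a missing colon, an empty key, or a non-empty password.
        if not sep or not username or password:
            return None
        return username
    return None  # unknown scheme


def authenticate(authorization):
    """Map a request's Authorization header to an account name, or None."""
    key = extract_api_key(authorization)
    if key is None:
        return None
    digest = hashlib.sha256(key.encode()).hexdigest()
    account = None
    for name, stored in KEY_DIGESTS.items():
        # compare_digest keeps the comparison time independent of the match.
        if hmac.compare_digest(digest, stored):
            account = name
    return account
```

Both forms put the same secret on the wire with every request, so either one depends on TLS for confidentiality.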
