I have a RESTful web service API that is being used by different 3rd parties. Part of that API is restricted (you need username/password to access it). I was wondering what wou
Assuming the service is never consumed in a browser and the communication is encrypted anyway, I see no harm in a variation of the second method: add X-Headers to send username/password with each request, e.g.:
GET /foo HTTP/1.1
Host: www.bar.com
X-MyUsername: foo
X-MyPassword: bar
Another idea would be to use HTTP Basic Auth and just send an Authorization: Basic base64(user:password) header. That is, if the connection is always encrypted.
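Server-side handling of the Basic header suggested above, as an added example that is not part of the original answer. The constructed user store, the `is_tls` flag and all function names are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample credential store: username -> (salt, PBKDF2 hash).
# Storing a salted hash means the server never keeps the plaintext password.
_SALT = b"constructed-salt"
ITERATIONS = 100_000

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

USERS = {"foo": (_SALT, _hash("bar", _SALT))}

def basic_header(user: str, password: str) -> str:
    """Client side: build the Authorization header value."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def parse_basic(header):
    """Return (user, password), or None if the header is missing or malformed."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first ':' only, so the password itself may contain ':'.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def authenticate(header, is_tls: bool) -> bool:
    """Accept credentials only over TLS: base64 is an encoding, not encryption."""
    if not is_tls:
        return False
    creds = parse_basic(header)
    if creds is None:
        return False
    user, password = creds
    # Unknown users still go through the hash so timing does not reveal them.
    salt, expected = USERS.get(user, (_SALT, b"\0" * 32))
    return hmac.compare_digest(_hash(password, salt), expected)
```
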