How do people handle authentication for RESTful APIs (technology agnostic)

傲寒 2021-02-01 08:15

I'm looking at building some mobile applications. Therefore, these apps will 'talk' to my server via JSON and via REST (e.g. put, post, etc.).

If I want to make sure a

2 answers
  •  忘掉有多难
    2021-02-01 09:07

    As RESTful services use HTTP calls, you could rely on HTTP Basic Authentication for security purposes. It's simple, direct and is already supported by the protocol; and if you want additional security in transport you could use SSL. Well-established products like IBM WebSphere Process Server use this approach.

    The other way is to build your own security framework according to your application needs. For example, if you want your service to be consumed only by certain devices, you'll maybe need to send an encoded token as a header over the wire to verify that the request comes from an authorized source. Amazon has an interesting way to do this; you can check it here.
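One way to realise the "encoded token as a header" idea from the answer above, shown as an added example that is not part of the original post and is not Amazon's actual scheme: the client sends an HMAC over the request, and the server recomputes it with the per-device secret. The header names, device id and secret are assumptions made for this sketch.

```python
import hashlib
import hmac
import time

# Constructed sample data: the device id and secret are hypothetical placeholders.
# Header names (X-Device-Id, X-Timestamp, X-Signature) are assumptions of this example.
DEVICE_SECRETS = {"device-123": b"constructed-demo-secret"}
MAX_SKEW_SECONDS = 300  # reject requests whose timestamp is too old or too far ahead


def canonical_string(method, path, timestamp, body):
    """Bind the signature to verb, path, time and body so none can be swapped."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign_request(device_id, secret, method, path, body, now=None):
    """Client side: build the headers the mobile app attaches to the request."""
    timestamp = int(now if now is not None else time.time())
    mac = hmac.new(secret, canonical_string(method, path, timestamp, body), hashlib.sha256)
    return {
        "X-Device-Id": device_id,
        "X-Timestamp": str(timestamp),
        "X-Signature": mac.hexdigest(),
    }


def verify_request(headers, method, path, body, now=None):
    """Server side: return the device id if the request is authentic, else None."""
    device_id = headers.get("X-Device-Id", "")
    secret = DEVICE_SECRETS.get(device_id)
    try:
        timestamp = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return None
    if secret is None:
        return None  # unknown device
    current = now if now is not None else time.time()
    if abs(current - timestamp) > MAX_SKEW_SECONDS:
        return None  # stale or future-dated: narrows the window for replay
    expected = hmac.new(secret, canonical_string(method, path, timestamp, body), hashlib.sha256).hexdigest()
    # compare_digest takes time independent of how many leading bytes match
    sent = headers.get("X-Signature", "")
    if not hmac.compare_digest(expected.encode(), sent.encode()):
        return None
    return device_id
```

The signature proves origin and integrity only; the request still needs TLS for confidentiality, and a captured request can be replayed inside the skew window unless the server also tracks seen signatures or nonces.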
