HTTP Basic Authentication Over SSL for REST API

孤街浪徒 2020-12-07 20:29

I am new to the concept of Restful API's.

I am designing a restful api for an online store.

I have not properly understood the concept of basic http authent

1 answer
  • 2020-12-07 21:09

    Basic authentication is just a standard HTTP header with the user and pass encoded in base64:

    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

    (http://en.wikipedia.org/wiki/Basic_access_authentication). If you authenticate your REST API calls by this header over a non-SSL connection, the problem is that any man in the middle can decode your username and password from your auth header.

    To make sure that your password is sent securely, instead of a normal HTTP connection you must use HTTPS. The only difference between HTTP and HTTPS is that HTTPS is using the SSL/TLS security protocol over TCP/IP instead of plain TCP/IP.

    Now this has the drawback that establishing an HTTPS connection is more expensive on the CPU than a normal HTTP connection. It is very clear that if you want to authenticate your REST calls on every request with this header, you should make your REST API only available to HTTPS connections.

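The point made in the answer above, as an added example that is not part of the original answer: the header value is only base64, so it decodes without any key, and a server-side check can refuse Basic credentials that arrive over plain HTTP. The function names, the `USERS` store and the way the request scheme is passed in are assumptions made for illustration.

```python
import base64
import binascii
import hmac

# Header value quoted in the answer above.
SAMPLE_HEADER = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
# Constructed demo store; a real service would keep salted password hashes.
USERS = {"Aladdin": "open sesame"}


def parse_basic_header(value):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password itself may contain ':'.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authorize(scheme, headers, users):
    """Return an HTTP status code for one request.

    scheme  -- "http" or "https", as reported by the server or TLS terminator
    headers -- dict of request headers
    users   -- dict mapping username to password
    """
    if scheme != "https":
        # Refuse credentials sent in the clear. They have already crossed
        # the network readable at this point, so treat them as exposed.
        return 403
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds is None:
        return 401
    user, password = creds
    expected = users.get(user, "")
    # Constant-time comparison avoids leaking how many characters matched.
    matches = hmac.compare_digest(password.encode(), expected.encode())
    return 200 if (matches and user in users) else 401


if __name__ == "__main__":
    print(parse_basic_header(SAMPLE_HEADER))
    print(authorize("http", {"Authorization": SAMPLE_HEADER}, USERS))
    print(authorize("https", {"Authorization": SAMPLE_HEADER}, USERS))
```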