Building API - safe way to send password

I'm building a REST API and I am in doubt about the way the password's sent is safe?

The password is sent in the URL like this:

https://www.example.com/api-version/user-name/password/

Yeah. Don't do that. Either use HTTP Basic authentication, or pass an access token such as an OAuth token as a parameter, i.e.

http://www.example.com/api-version/end-point/?access_token=...

Send it in POST payload (not in URL!) over SSL encrypted connection. Sending password as you suggested is extremely insecure.

来源：https://stackoverflow.com/questions/7257889/building-api-safe-way-to-send-password

标签

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!