I am, finally, starting to look at developing REST APIs as the backend of web apps. I’m certainly not the first, and the community has already been developing great tools and technologies for this.
In particular, given my background with PHP and Symfony, I’ve been looking at:
For anyone who hasn’t read Roy T. Fielding’s thesis, I would highly recommend it, as much because it is THE document that gave birth to the REST architectural style as because it offers extremely interesting insight into Web and HTTP technologies.
However, there is a subject on which I haven’t found many resources, which is “How to design a RESTful and secure authentication API?”, and the topic that obviously follows it: “How to integrate this with a RESTful API?”. Most platforms and tools focus on the API itself, putting security aside as a secondary concern. Even API Platform, which is a very promising platform, extremely developer friendly, and with an active community, doesn’t even try to offer decent default security settings yet.
In the next posts, I will try to provide my thoughts and ideas on the subject.
My main concerns or criteria are (in no particular order, but numbered for easy reference):
I will try to address and discuss these concerns and offer better insight on what should be important and why in the following posts: