Simple Authentication for REST API
In my network I have a device which provides a REST-like interface over
HTTP. The interface should be accessed by an Android phone in the same
network. To control the device over this REST interface, the user must
enter a 4-digit PIN code on the Android smartphone. What's a common way of
authorizing the user for using the REST API? My idea was: first the user
tries to call a /login REST API method and transmits the 4-digit PIN. If the
PIN is OK (this will be checked on the network device), a token will be
generated by the network device and returned to the Android smartphone.
Question: HOW can/should I generate such a token? (I am using C++ on the
network device.) This token will then be used to authenticate the user
every time he wants to call a REST API method, i.e. with every request
this token will be transmitted in the POST body.
Is this a common way for a simple authentication? Note: I know that there
are much better and more complex security solutions for this, but for my task a
simple solution is sufficient.
Kind regards
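
One way to implement the login-then-token flow described above in C++, as an added example that is not part of the original post: the token is 128 bits from the operating system's random source, it expires, and repeated wrong PINs lock the login, since a 4-digit PIN has only 10,000 possible values. The names `Session`, `generate_token` and `constant_time_equal` are hypothetical, and the code assumes a POSIX device that provides /dev/urandom.

```cpp
#include <chrono>
#include <fstream>
#include <stdexcept>
#include <string>
// Added example; every name here is hypothetical. Assumes /dev/urandom exists.
using Clock = std::chrono::steady_clock;

// Compare without an early exit so timing does not reveal a matching prefix.
bool constant_time_equal(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    unsigned char diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i) diff |= a[i] ^ b[i];
    return diff == 0;
}

// 128 bits from the kernel random source, hex-encoded (32 characters).
std::string generate_token() {
    unsigned char buf[16];
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    if (!urandom.read(reinterpret_cast<char*>(buf), sizeof buf))
        throw std::runtime_error("cannot read /dev/urandom");
    static const char hex[] = "0123456789abcdef";
    std::string out;
    for (unsigned char b : buf) { out += hex[b >> 4]; out += hex[b & 0x0f]; }
    return out;
}

class Session {
    std::string pin_, token_;
    int max_failures_, failures_ = 0;
    std::chrono::seconds ttl_;
    Clock::time_point expires_{};
public:
    Session(const std::string& pin, int max_failures, std::chrono::seconds ttl)
        : pin_(pin), max_failures_(max_failures), ttl_(ttl) {}
    // Returns a fresh token for a correct PIN, "" for a wrong PIN or once locked.
    std::string login(const std::string& pin) {
        if (failures_ >= max_failures_) return "";  // locked until the device is reset
        if (!constant_time_equal(pin, pin_)) { ++failures_; return ""; }
        failures_ = 0;
        token_ = generate_token();                  // replaces any earlier token
        expires_ = Clock::now() + ttl_;
        return token_;
    }
    // Called for every API request with the token the client sent.
    bool authorize(const std::string& token) const {
        return !token_.empty() && Clock::now() < expires_ &&
               constant_time_equal(token, token_);
    }
};
```

Over plain HTTP both the PIN and the token are readable by anyone who can observe traffic on that network, so the token only proves that the sender saw a valid login.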