Dear all,
I wish to know what are the best practices in RESTful api when managing
user authentication and other persistent data?
I understand as a newbie that REST = totally stateless = no session
persistance on server.
So how do I do the authentication?
I feel that on first time login the user id must be sent back in the
response and then onb every request the id should be passed.
So before doing any activity related to CRUD, the server must check if a
user with that id exists and if he is an admin or a normal user (as is
required in my case).
Is that Correct?
if so then can I do this with more than one parameter?
I also need the orc code for the given organization, as the service may
be used by many organizations who share a common database.
Happy hacking.
Krishnakant.
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to pylons-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to pylons-discuss@googlegroups.com.
Visit this group at https://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/d/optout.
