CHAPTER 3


HTTP Basic/Digest Authentication

HTTP Basic Authentication and Digest Authentication are popular for protecting resources on the web. Both are based on usernames and passwords. HTTP/1.0 includes the specification for the Basic Access Authentication scheme, which sends the username and password over the network in cleartext (Base64 is an encoding, not encryption, so anyone who observes the request recovers the password). Hence it isn't considered a secure way of authenticating users unless it's used over an externally secured channel such as Transport Layer Security (TLS). RFC 2617 defines the specification for HTTP's authentication framework (the original Basic Access Authentication scheme) and Digest Access Authentication, ...
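The following is an added example, not code from the book, showing the two schemes side by side: a Basic credential being built and then trivially decoded by an observer, and the RFC 2617 Digest computation (HA1, HA2 and the qop=auth response) with a small hypothetical server class that stores only H(A1) and rejects replayed nonce-counts. The Basic credential (Aladdin / open sesame) and the Digest parameters (Mufasa, realm testrealm@host.com, password "Circle Of Life", nonce dcd98b7102dd2f0e8b11d0f600bfb0c093) are the worked examples from RFC 2617 itself; the DigestServer class and its method names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets


def basic_header(username: str, password: str) -> str:
    """Build the Authorization header a client sends for HTTP Basic auth.
    Base64 is reversible, so without TLS the password travels in the clear."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def basic_decode(header: str) -> tuple:
    """What the server (or a passive observer on the path) does with a captured header."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, pwd = base64.b64decode(token).decode("utf-8").partition(":")
    return user, pwd


def _md5(data: str) -> str:
    # MD5 is what RFC 2617 specifies for Digest; the weakness is the RFC's, not a choice here.
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """H(A1) = MD5(username:realm:password). A server may store this instead of the password."""
    return _md5(f"{username}:{realm}:{password}")


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str = None, cnonce: str = None, qop: str = None) -> str:
    """Client-side response value per RFC 2617 section 3.2.2.1."""
    ha2 = _md5(f"{method}:{uri}")
    if qop == "auth":
        return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{ha2}")  # legacy RFC 2069 form, no qop


class DigestServer:
    """Hypothetical server side: keeps H(A1) per user, never the password, and
    remembers the nonces it issued together with the highest nonce-count seen."""

    def __init__(self, realm: str):
        self.realm = realm
        self.ha1_by_user = {}
        self.issued = {}  # nonce -> highest nc accepted so far

    def add_user(self, username: str, password: str) -> None:
        self.ha1_by_user[username] = digest_ha1(username, self.realm, password)

    def new_nonce(self) -> str:
        nonce = secrets.token_hex(16)  # sent to the client in WWW-Authenticate
        self.issued[nonce] = 0
        return nonce

    def verify(self, username: str, method: str, uri: str, nonce: str,
               nc: str, cnonce: str, response: str) -> bool:
        ha1 = self.ha1_by_user.get(username)
        if ha1 is None or nonce not in self.issued:
            return False  # unknown user, or a nonce this server never issued
        count = int(nc, 16)
        if count <= self.issued[nonce]:
            return False  # replayed (or out-of-order) nonce-count
        expected = digest_response(ha1, method, uri, nonce, nc=nc, cnonce=cnonce, qop="auth")
        if not hmac.compare_digest(expected, response):
            return False  # wrong password, wrong URI, or tampered request line
        self.issued[nonce] = count
        return True


if __name__ == "__main__":
    hdr = basic_header("Aladdin", "open sesame")
    print(hdr, "->", basic_decode(hdr))  # the observer gets the password back
    ha1 = digest_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    print(digest_response(ha1, "GET", "/dir/index.html",
                          "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          nc="00000001", cnonce="0a4f113b", qop="auth"))
```

The verify method compares digests in constant time and refuses a nonce-count that does not increase, which is the check that makes Digest resist straightforward replay; note that Digest still leaves H(A1) as a password-equivalent on the server and gives no integrity protection to the body, so TLS remains necessary for either scheme.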
