Public and private endpoints
Just like public web pages, we can have public endpoints for RESTful web services as well. All endpoints that are available to the user before authentication are not public. Sometimes, we make endpoints which are open to use before login, or without login, but they are only intended to be accessible through our application. Those endpoints are not public, so we do not want those endpoints to be accessible through other applications. For that purpose, we will be using some sort of API key, as discussed earlier.
We can use an oauth2-based access token. A big advantage of using an oauth2 access token is that if we are making different applications to access similar endpoints, then we can have different access tokens ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access