Using the RESTful Web Services module, we define specific supported authentication providers for an endpoint. The Drupal core provides a cookie provider, which authenticates through a valid cookie, such as your regular login experience. Then, there is the HTTP Basic Authentication module to support HTTP authentication headers.

There are alternatives that provide more robust authentication methods. With cookie-based authentication, you need to use CSRF tokens to prevent unrequested page loads by an unauthorized party. When you use the HTTP authentication, you are sending a password for each request in the request header.

A popular, and open, authorization framework is OAuth. OAuth is a proper authentication method that uses tokens ...

Get Drupal 8 Development Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.