Creating a secure REST service
We can break application security down into two considerations: authentication and authorization. We need to know who the user is and we need to be sure that the user is authorized to execute the particular WSGI application. This is handled relatively simply using both the HTTP Authorization header for credentials to ensure an encrypted transmission of these credentials.
If we use SSL, we can simply use the HTTP Basic Authorization mode. This version of the Authorization header can include a username and password in each request. For more elaborate measures, we can use HTTP Digest Authorization, which requires an exchange with the server to get a piece of data called a nonce that's used to create the digest in a more ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access