A previous answer only mentioned SSL in the context of data transfer and didn’t actually cover authentication. You’re really asking about securely authenticating REST API clients. Unless you’re using TLS client authentication, SSL alone is NOT a viable authentication mechanism for a REST API. SSL without client authc only authenticates the server, which is irrelevant … Read more
As tweakt said, Amazon S3 is a good model to work with. Their request signatures do have some features (such as incorporating a timestamp) that help guard against both accidental and malicious request replaying. The nice thing about HTTP Basic is that virtually all HTTP libraries support it. You will, of course, need to require … Read more
How to handle authentication in a RESTful Client-Server architecture is a matter of debate. Commonly, it can be achieved, in the SOA over HTTP world via: HTTP basic auth over HTTPS; Cookies and session management; Token in HTTP headers (e.g. OAuth 2.0 + JWT); Query Authentication with additional signature parameters. You’ll have to adapt, or … Read more