
REST API AUTHENTICATION

DE LOS REYES, COBBIE ANDREI T.


BSIT 3RD YEAR- WMA
CSIPT101 - FINAL EXAMINATION
What is API?

An Application Programming Interface (API) is a software intermediary that allows two applications
to talk to each other. Each time you use an application like Facebook, send an instant message, or check
the weather on your phone, you’re using an API.

Example of an API

When you use an application on your mobile phone, the application connects to the Internet and
sends data to a server. The server then retrieves that data, interprets it, performs the necessary actions
and sends it back to your phone. The application then interprets that data and presents you with the
information you wanted in a readable way. This is how an API works.
What is Authentication?

Authentication is the process of determining whether someone or something is, in
fact, who or what it says it is. Authentication technology provides access control for
systems by checking to see if a user’s credentials match the credentials in a database of
authorized users or in a data authentication server. In doing this, authentication assures
secure systems, secure processes and enterprise information security.
What is REST API Authentication?

The REST API authentication process validates the identity of the client
attempting to make a connection by using an authentication protocol. The protocol
sends the credentials from the remote client requesting the connection to the
remote access server in either plain text or encrypted form. The server then knows
whether it can grant access to that remote client or not.
What are the types of REST API Authentication? Compare and contrast each type.

These are the types of REST API authentication methods:

● HTTP Basic Authentication
● API Key Authentication
● OAuth Authentication
● No Authentication
HTTP BASIC AUTHENTICATION

The simplest way to handle authentication is through the use of HTTP, where
the username and password are sent alongside every API call. You can use an HTTP
header and encode the username and password.
Note: If you end up using HTTP Basic Authentication, use it through HTTPS so the
connection between the parties is encrypted.
API KEY AUTHENTICATION

This method creates unique keys for developers and passes them alongside
every request. The API generates a secret key that is a long, difficult-to-guess string
of numbers and letters at least 30 characters long, although there’s no set standard
length. It is typically passed alongside the API authorization header.
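One way an API could issue and check such keys, as an added example that is not part of the original slides: the key is generated from a cryptographically secure random source, only its SHA-256 digest is stored, and the comparison is constant-time. The `X-API-Key` header name, the `key_id.secret` layout and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# key id -> (developer, SHA-256 digest of the secret); the secret itself is not stored
KEY_STORE = {}

def issue_key(developer: str) -> str:
    """Create a random key for a developer; shown once, stored only as a digest."""
    secret = secrets.token_urlsafe(32)   # 43 URL-safe characters, hard to guess
    key_id = secrets.token_hex(4)        # short public id used to look the key up
    KEY_STORE[key_id] = (developer, hashlib.sha256(secret.encode()).digest())
    return f"{key_id}.{secret}"

def verify_key(presented: str):
    """Return the developer name for a valid key, else None."""
    key_id, sep, secret = presented.partition(".")
    entry = KEY_STORE.get(key_id)
    if not sep or entry is None:
        return None
    developer, digest = entry
    candidate = hashlib.sha256(secret.encode()).digest()
    return developer if hmac.compare_digest(candidate, digest) else None

def revoke_key(presented: str) -> bool:
    """Remove a key so later requests with it are rejected."""
    key_id = presented.partition(".")[0]
    return KEY_STORE.pop(key_id, None) is not None

def handle_request(headers: dict) -> int:
    """Map request headers to an HTTP status (X-API-Key is an assumed header name)."""
    key = headers.get("X-API-Key")
    if key is None or verify_key(key) is None:
        return 401
    return 200
```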
OAUTH Authentication

For HTTP services, you can give third-party developers access by using the
OAuth 2.0 authorization framework. This framework can orchestrate approvals
automatically between the API owner and the service, or you can also authorize
developers to obtain access on their own.
NO Authentication

There’s always the option of applying no authentication at all. Developers can
just make a request to a specific URL and get a response without needing any
credentials or an API key. This approach is commonly used in internal APIs hosted
on premises but is not a recommended practice.
Compare and Contrast
HTTP Basic Authentication is easy to implement but is also susceptible to account
compromises since the password is not encrypted.

API Key Authentication is also easy to implement for API providers and application
developers.

OAuth Authentication offers security scalability and the best user experience. However, it’s
also more work for developers and API providers to implement and maintain. All the user needs to do is click a
button, but the real benefit is that the user can utilize an existing account, and the app developers can
leverage an existing authentication mechanism, which is less work than creating one on their own.

No Authentication is the easiest way to access an API. If the user doesn’t have the right
credentials, it will not grant the user access, but it is also susceptible because it just
needs a username and password for the user to gain access to the servers.
What are the uses/applications of REST API Authentication? Why would a programmer use it?

The common authentication used by programmers is HTTPS/TLS because of
its basic authentication. It is easy to implement and supported by most browsers, and it is best used
for server-side only applications. It can also be combined with other security methods to make it
more secure.

Some applications that use REST APIs:

● Amazon
● Google
● LinkedIn
● Twitter
What is authentication and authorization? How is it implemented in REST API Authentication?

The difference between the Authentication and Authorization:

Authentication is the process of verifying who someone is.

Authorization is the process of verifying what specific applications, files, and data a
user has access to.

These two are implemented in an API so that the user's credentials are checked to be correct,
authenticating the user for access to the system or server.
Give examples of how REST API Authentication is being used in real-world applications.

FACEBOOK

Facebook makes its APIs easily available to implement for company
developers who want to leverage the vast treasure trove of information the
social network has collected on each of its regular users. The APIs link easily
with the majority of CRMs out there, giving marketers the power to churn
through and analyze that data to deliver highly-targeted ads and messages to
selected Facebook users.
What type of authentication are they using?

Facebook uses the Graph API as its primary way to get data into and out of the
Facebook platform. It’s an HTTP-based API that apps can use to programmatically query data,
post new stories, manage ads, upload photos, and perform a wide variety of other tasks.

Also, they use HTTP/1.1 to transfer all data, and all endpoints require HTTPS.
Because the Graph API is HTTP-based, it works with any language that has an HTTP library,
such as cURL and urllib. This means you can use the Graph API directly in your browser.
Among the different types of REST API Authentication, as a programmer what
will you choose for your projects? Explain your answer.

For me, when I create my own website or application, the API that I will
use is OAuth Authentication. It is because this type of authentication gives
the user the best experience when using it. And it offers security scalability to the
application or website so that the user can be sure that their data is safe and will not be
exploited. This also works as an identity layer that can be deployed for API verification to
identify and profile through authentication that is performed by the authorization
server.
Can you make a simple demonstration of it?