Server to Server API Authentication + Authorization


I'm designing a Web API that will be consumed by external web server.

Only the external web server must be authorized to access the internal API.

The end user will be authenticated against the external web server, but the username must be forwarded to the internal API when requesting data, because there is some data filtering based on the username.


What authentication mechanism should I use in the internal Web API server?

  1. I started with an X-API-Key header, but then how should I provide the username? I would like to avoid passing the username in query strings.

  2. I was thinking about basic authentication, where the password would be the X-API-Key.

  3. A bearer token could theoretically work as well, but bearer tokens are usually generated by an authorization server, which is not an option in this case.

EDIT: Note that the end user does not make any API calls. It simply accesses a website built using some CMS, and the CMS internally fetches the data and generates the HTML response.


There are 0 answers
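One concrete shape the third option can take without a separate authorization server, as an added example that is not part of the question above: the external web server mints a short-lived token itself, signing the username and an expiry with an HMAC over a secret shared only with the internal API, and sends it as a bearer token. The internal API verifies the signature (constant-time), checks the expiry, and only then trusts the `sub` claim for its data filtering. Everything here is constructed for illustration: the secret value, the function names (`issue_token`, `verify_token`, `handle_request`, `tamper_subject`), and the claim layout are assumptions, not the poster's design.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed value for this example. In practice the secret is provisioned
# out of band to exactly two parties: the external web server and the internal API.
SHARED_SECRET = b"example-shared-secret-rotate-me"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _encode_claims(claims: dict) -> str:
    # Canonical JSON so the signed bytes are reproducible.
    return _b64url(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())


def issue_token(username: str, secret: bytes = SHARED_SECRET, ttl: int = 60, now=None) -> str:
    """External web server side: sign {username, issued-at, expiry, nonce} with the shared secret."""
    now = int(time.time()) if now is None else now
    claims = {"sub": username, "iat": now, "exp": now + ttl, "jti": secrets.token_hex(8)}
    payload = _encode_claims(claims)
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64url(sig)}"


def verify_token(token: str, secret: bytes = SHARED_SECRET, now=None) -> str:
    """Internal API side: authenticate the caller, then return the username it asserts.

    Raises PermissionError on any failure. Signature is checked before the payload
    is parsed, so a forged payload never influences the decision.
    """
    try:
        payload, sig_b64 = token.split(".")
        presented_sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError):
        raise PermissionError("malformed token")
    expected_sig = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, presented_sig):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise PermissionError("token expired")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise PermissionError("missing subject")
    # "jti" is present so a replay cache could reject reuse within the TTL; not enforced here.
    return sub


def handle_request(headers: dict, secret: bytes = SHARED_SECRET, now=None):
    """Internal API request handler (assumed shape): returns (status, body)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "missing bearer token"
    try:
        user = verify_token(auth[len("Bearer "):], secret, now)
    except PermissionError as exc:
        return 401, str(exc)
    return 200, f"data filtered for {user}"


def tamper_subject(token: str, new_sub: str) -> str:
    """Attacker helper for the demo: rewrite the username but keep the old signature."""
    payload, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    claims["sub"] = new_sub
    return f"{_encode_claims(claims)}.{sig_b64}"


if __name__ == "__main__":
    tok = issue_token("alice")
    print(handle_request({"Authorization": "Bearer " + tok}))
    print(handle_request({"Authorization": "Bearer " + tamper_subject(tok, "mallory")}))
```

Because the username travels inside the signed payload, it is neither in the query string nor in a separately-trusted header; whoever holds the shared secret is the only party that can assert a username, which matches the requirement that only the external web server may call the internal API. The trade-off versus a plain X-API-Key is that each request now carries a per-request, expiring credential, so a captured request is only useful for the TTL window (and not at all if the `jti` is tracked).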