The REST API as a secure interface to the cloud

October 02 2020


REST APIs are based on a standardized architecture and are an indispensable component of distributed IT systems. The term refers to a programming interface that follows the paradigms and behavior of the World Wide Web (WWW) and describes an approach to communication between client and server in networks.

Authentication via the OAuth 2.0 protocol

OAuth (Open Authorization) is a protocol that allows standardized, secure authorization for desktop, web and mobile applications.
OAuth 2.0 uses tokens to authorize access to protected resources. This allows a client to be granted access to protected resources without the service credentials ever being passed on to the client.
To access protected data on the resource server, the client must transmit an access token as proof of authorization. The permissions associated with the access token are negotiated in two directions: the client requests the permissions it wants from the authorization server, and the authorization server in turn tells the client which permissions were actually granted. The access token has a limited validity.

In summary, communication with a RESTful API protected by OAuth 2.0 runs like this:

  1. The client requests an authorization from the resource owner.
  2. The client receives an authorization grant from the resource owner.
  3. The client requests an access token from the authorization server. For this purpose it uses the authorization grant from the resource owner.
  4. The authorization server authenticates the client and checks the authorization grant of the resource owner. If this is successful, it issues an access token.
  5. The client requests the protected data from the resource server. For authentication it uses the access token.
  6. The resource server checks the access token and, if valid, provides the desired data.
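The six steps above, played through end to end as an added example that is not part of the original article and not the code of any real OAuth library: a minimal authorization server, resource server and client in Python. It assumes a signing key shared between the authorization server and the resource server (so the resource server can check the token's integrity with HMAC-SHA256), one registered client with a client secret, and a single-use authorization code as the grant. All names, scopes and resources are constructed for the demonstration. The example also shows the three points the text makes about tokens: the granted scope may be narrower than the requested one, the resource server enforces that scope, and the token stops working once its validity period has passed.

```python
"""Constructed OAuth 2.0 walk-through (not the article's code). Assumptions: a signing
key shared between authorization and resource server, one registered client, and a
single-use authorization code as the grant."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

SIGNING_KEY = b"constructed-demo-key-not-for-production"  # assumption: shared key
TOKEN_TTL = 3600  # seconds; the access token has a limited validity


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict) -> str:
    """Serialise the claims and append an HMAC so the resource server can verify them."""
    body = _b64e(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64e(mac)}"


def verify_token(token: str, now: int) -> Optional[dict]:
    """Return the claims if the MAC is valid and the token has not expired, else None."""
    try:
        body, mac = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64d(mac)):
        return None
    claims = json.loads(_b64d(body))
    if claims["exp"] <= now:  # expired tokens are rejected
        return None
    return claims


class AuthorizationServer:
    def __init__(self, clients: dict):
        self.clients = clients      # client_id -> {"secret": ..., "scopes": [...]}
        self.pending_grants = {}    # authorization code -> (client_id, granted scopes)

    def authorize(self, client_id, requested_scopes, owner_approves: bool):
        """Steps 1-2: the resource owner approves; the grant is an authorization code."""
        client = self.clients.get(client_id)
        if client is None or not owner_approves:
            return None
        # The granted scope may be narrower than what the client asked for.
        granted = [s for s in requested_scopes if s in client["scopes"]]
        code = secrets.token_urlsafe(16)
        self.pending_grants[code] = (client_id, granted)
        return code

    def token(self, client_id, client_secret, code, now: int):
        """Steps 3-4: authenticate the client, check the grant, issue an access token."""
        client = self.clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            return None
        grant = self.pending_grants.pop(code, None)  # single use: a replayed code fails
        if grant is None or grant[0] != client_id:
            return None
        return sign_token({"client_id": client_id, "scope": grant[1], "exp": now + TOKEN_TTL})


class ResourceServer:
    def __init__(self, resources: dict):
        self.resources = resources  # path -> (required scope, data)

    def get(self, path, access_token, now: int):
        """Steps 5-6: check the token, then the scope, then return the data."""
        claims = verify_token(access_token, now)
        if claims is None:
            return 401, "invalid or expired token"
        required_scope, data = self.resources[path]
        if required_scope not in claims["scope"]:
            return 403, "insufficient scope"
        return 200, data


def run_flow(now: int = 1_000_000) -> dict:
    """Walk the six steps with a constructed client and report the outcomes."""
    auth = AuthorizationServer({"app-1": {"secret": "s3cret", "scopes": ["read"]}})
    api = ResourceServer({"/profile": ("read", {"name": "alice"}),
                          "/profile/edit": ("write", None)})
    code = auth.authorize("app-1", ["read", "write"], owner_approves=True)
    token = auth.token("app-1", "s3cret", code, now)
    return {
        "granted_scope": verify_token(token, now)["scope"],
        "read": api.get("/profile", token, now),
        "write": api.get("/profile/edit", token, now),
        "expired": api.get("/profile", token, now + TOKEN_TTL),
        "replayed_code": auth.token("app-1", "s3cret", code, now),
        "bad_secret": auth.token("app-1", "wrong", auth.authorize("app-1", ["read"], True), now),
    }


if __name__ == "__main__":
    for step, result in run_flow().items():
        print(f"{step}: {result}")
```

Running the script prints one line per outcome: the client asked for `read` and `write` but only `read` was granted, the read request succeeds, the write request is refused with 403, the same token is refused with 401 once the validity period has elapsed, and both a replayed authorization code and a wrong client secret yield no token at all. The `now` parameter exists only so the expiry check can be exercised deterministically; a real server would use the current time.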

