Chapter 26: Authentication and Authorization

All web services, including REST services running within a company’s internal infrastructure, should be protected by at least a basic authentication mechanism. While the broader topic of authentication and authorization goes beyond the scope of this guide, I believe it is important to explain at least the fundamental principles of how they work in today’s REST APIs.