Common REST authentication methods
- Authentication: proving your identity. Say a company-issued I-card proves that you are an employee.
- Authorization: proving your right to access. With a company I-card you can access common areas but NOT the security or server rooms.
- Basic: the most straightforward and easiest method. It sends an encoded ‘username – password’ in the request header.
- Bearer: also called ‘token’ authentication. A token is a cryptic string, usually generated by the server in response to a login request. Once the token is generated, the client must send it in the Authorization header when making requests to protected resources.
- OAuth: The user signs in, grants permission, and your app can then authenticate each request with an access token. E.g., the ‘Login using Facebook/Gmail’ option on many websites, or when you cross-post on any social network. The flow: App-A > Facebook Login popup > Enter credentials > Give permissions > App-A now has the token generated by Facebook > this token can now be used by App-A based on the permissions granted.
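
The Basic and Bearer schemes described above, seen from the server side, as an added example that is not part of the original page. The names `USERS`, `TOKENS`, `authenticate` and `basic_header` and the sample credentials are hypothetical and constructed for illustration.

```python
import base64
import binascii
import hmac

# Constructed sample data (hypothetical). Plaintext passwords keep the example
# short; a real service stores password hashes and expires its tokens.
USERS = {"alice": "s3cret-pass"}
TOKENS = {"tok_3f9a1c": "alice"}  # token issued at login -> user


def authenticate(header):
    """Return the authenticated user name, or None if the header is rejected."""
    scheme, _, value = (header or "").strip().partition(" ")
    scheme, value = scheme.lower(), value.strip()  # scheme names are case-insensitive
    if scheme == "basic":
        return _check_basic(value)
    if scheme == "bearer":
        return _check_bearer(value)
    return None


def _check_basic(value):
    # Basic carries base64("username:password"): an encoding, not encryption,
    # so anyone who sees the header can recover the password.
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    if not sep:
        return None
    expected = USERS.get(user)
    # Compare in constant time; use a dummy value when the user is unknown.
    ok = hmac.compare_digest(password.encode(), (expected or "\0").encode())
    return user if expected is not None and ok else None


def _check_bearer(token):
    # The token stands in for the credentials; check every entry, no early exit.
    found = None
    for known, user in TOKENS.items():
        if hmac.compare_digest(token.encode(), known.encode()):
            found = user
    return found


def basic_header(user, password):
    """Build the header a client would send for Basic authentication."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```

Because the Basic value decodes straight back to the password, both schemes are only safe to send over TLS.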