Skip to main content

How to authenticate to REST APIs?


Authentication is a critical component of internet security, and any REST API that lets clients access or modify sensitive or critical data must have an authentication system in place.

If you want to integrate with a REST API, you will need to account for this. There are two major methods for authentication: username and password, otherwise known as basic authentication, or OAuth, which lets you authenticate with an access token that represents an authorized account.

Type of authentication

REST APIs can support either of these methods of authentication.

With Basic authentication, access is typically binary, i.e. either you can access all account data and functionality or none of it, and access can typically only be revoked by changing the user’s password.


OAuth is by far the preferred method because it offers much better security than basic authentication. This makes it much easier to grant and revoke access to the resources a REST client needs.

It does this by orchestrating an authentication between the resource owner and the HTTP service.

Once this has been completed, the REST client can use the access token in a bearer authentication header, this type of authentication should only be done over HTTPS (SSL).