Hacker News
by ravenstine 3005 days ago
Another way to look at this article is that Basic authentication may be a perfectly acceptable implementation over HTTPS, as opposed to something like OAuth2 when you aren't even using it for authorization. I've seen APIs that aren't user-facing at all and use OAuth2 merely for authentication. Pointless. Your best line of defense is HTTPS.