This brick is due for review.
REST API authentication is a set of technologies used by web services to authenticate client requests.
The following table categorizes related technologies according to their current lifecycle status.
(Trends to watch)
(Scheduled for retirement)
- TLS Client Certificate Authentication (using application certificates from the UW CA)
- Proprietary API authentication protocols
- HTTP Basic Authentication (without SSL)
Note: Refer to the IAM Brick Reference for complete descriptions of the six status designations and common lifecycle patterns.
- No new technologies have been identified for this designation.
- OAuth 2.0 is emerging into the environment as a strategically important open standard for delegated access to REST APIs for web, mobile, and data mashup patterns of use.
- No technologies have been selected for the tactical designation.
- TLS Client Certificate Authentication using X.509 certificates issued to applications by the UW Services Certificate Authority is a baseline technology used to authenticate API clients.
- Proprietary API authentication protocols have proliferated while open standards
- HTTP Basic Authentication (without SSL) isn't a secure way to authenticate clients.
- Any leftover use of OAuth 1.0 should be retired.
Last Review Date: March 27, 2013