

Ask HN: Best Practice Authentication for Mobile HTTP Backend - jacoblyles

I’m writing a mobile app that uses a private web API back end to provide services to user devices. Users have individual profiles stored on a central server that they should be able to modify but other users shouldn’t. So I need some form of authentication to prevent users from modifying the wrong data or accessing data that they don't have permission to access.

Trading passwords or API keys plaintext across the network makes me a little nervous. My research into alternatives has me confused and unenlightened. So for the benefit of myself and others struggling with this problem, what does Hacker News recommend for authentication in HTTP backends of mobile services?

Thanks!
======
voidfiles
You can use HTTP Basic Auth over HTTPS. In any case, HTTPS will be a must if
you are worried about security.

What is wrong with using a username and a password over HTTPS?

~~~
jacoblyles
Good point. If I use HTTPS then things are easy.
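
The approach suggested in this thread (HTTP Basic Auth over HTTPS), shown from the server side as an added example that is not code from any poster. The user store, the `is_tls` flag and all function names are assumptions made for illustration.

```python
import base64, binascii, hashlib, hmac, os

ITERATIONS = 100_000  # assumption: tune to your own hardware

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed sample user store: username -> (salt, PBKDF2 hash), never plaintext.
_salt = os.urandom(16)
USERS = {"alice": (_salt, hash_password("correct horse", _salt))}
_DUMMY = (os.urandom(16), os.urandom(32))  # hashed for unknown users to even out timing

def basic_header(username, password):
    """Client side: build the Authorization header value."""
    raw = f"{username}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()

def parse_basic(header):
    """Return (username, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")  # password may contain ':'
    return (username, password) if sep else None

def authenticate(header, is_tls):
    """Return the authenticated username, or None."""
    if not is_tls:
        return None  # Basic credentials are only base64-encoded, so reject plain HTTP
    creds = parse_basic(header)
    if creds is None:
        return None
    username, password = creds
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    return username if ok and username in USERS else None

def may_modify(header, is_tls, profile_owner):
    """Authorization: a user may modify only their own profile."""
    user = authenticate(header, is_tls)
    return user is not None and user == profile_owner
```
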

