- REDIRECT Token-Based_Authentication#Introducci.C3.B3
- Designing a Secure REST (Web) API without OAuth': http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication by Riyad Kalla covers the best way to secure you rest api. But as this article aims at very beginners I am not going with any complex model. So for now we can go with generating a random api key for every user. The user is identified by the api key and all the actions can be performed only on the resources belongs to him.