OAuth2 overkill for small applications?
Anonymous
I'm currently writing an API which will interact with a web application, and mobile apps. The API is pretty simple and deals with users and their availability.
Since I am creating the API and the client-side applications both, it seems to me that OAuth2 is overkill for this since I don't really care if username/password passes through the client applications.
I do need to have different user_roles such as Admin, Supervisor, and User and then restrict access to API calls based on this.
Is there a simple way to go about this? Basic authentication over SSL?