Security
REST offers no built-in security features, however, there are various options available to secure your API. The right solution will depend on your requirements, but remember that REST is meant to be stateless by nature and you should not rely on session states.
Basic authentication is quite easy to implement, but provides the lowest level of security. Usernames and passwords are normally passed around as encoded base64 strings. You should always use Transport Layer Security (TLS), also known as SSL, to encrypt the channel to ensure that the credentials can not be intercepted and inspected.
API keys are another form of basic authentication as described previously, but instead of using a username/password, a token value is passed around. The key is either placed in the header section of the request or in the URL as a query string. Once again, it is best to use TLS when making use of API keys to guarantee privacy.
OAuth is another authentication process, whereby authentication is handled...
