Adding authentication to REST services
In the previous recipe, Building REST services with JSON, we learnt how to enable JSON access to our actions, including the ability to create, modify, or delete posts with a simple JSON request.
Modifying data through REST requests can lead to loss of sensitive data if we don't add some form of authentication. This recipe shows how to use HTTP Basic Authentication to ensure that only valid users can call our data-changing REST services.
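The idea in the paragraph above, as an added example in plain PHP (it is not the recipe's CakePHP code): data-changing methods require valid HTTP Basic credentials, while reads pass through. The function names, the $users store and the "api" realm are assumptions made for illustration.

```php
<?php
// Added example in plain PHP, not CakePHP code from the recipe.
const WRITE_METHODS = ['POST', 'PUT', 'PATCH', 'DELETE'];

/** Parse "Authorization: Basic base64(user:pass)"; null if malformed. */
function parseBasicAuth(?string $header): ?array {
    if ($header === null
        || !preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/i', trim($header), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true); // strict mode rejects invalid base64
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // first colon only; passwords may hold ':'
}

/** Status for a request: 200 to proceed, 401 to challenge the client. */
function authorizeRequest(string $method, ?string $authHeader, array $users): int {
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    if (!in_array(strtoupper($method), WRITE_METHODS, true)) {
        return 200; // read-only requests stay public in this sketch
    }
    $creds = parseBasicAuth($authHeader);
    if ($creds === null) {
        return 401;
    }
    [$user, $pass] = $creds;
    // Unknown users are checked against a dummy hash so that response
    // timing does not reveal which usernames exist.
    $hash = $users[$user] ?? $dummy;
    $ok = password_verify($pass, $hash) && isset($users[$user]);
    return $ok ? 200 : 401;
}

// Constructed sample data: one user whose password contains a colon.
$users = ['alice' => password_hash('s3cret:pw', PASSWORD_DEFAULT)];
$good  = 'Basic ' . base64_encode('alice:s3cret:pw');
$bad   = 'Basic ' . base64_encode('alice:wrong');
foreach ([['GET', null], ['POST', null], ['DELETE', $bad], ['PUT', $good]] as [$m, $h]) {
    $status = authorizeRequest($m, $h, $users);
    $hint = $status === 401 ? ' (reply with WWW-Authenticate: Basic realm="api")' : '';
    echo $m, ' -> ', $status, $hint, PHP_EOL;
}
```

Basic credentials are only base64-encoded, not encrypted, so an endpoint protected this way should be served over HTTPS.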
Getting ready
To go through this recipe, we need some JSON-based REST services implemented. Follow the entire recipe Building REST services with JSON.
We also need a working authentication system for our application. Follow the entire recipe Setting up a basic authentication system in the Authentication chapter.
How to do it...
Edit your app/controller/posts_controller.php file and make the following changes to the beforeFilter callback:
    public function beforeFilter() {
        parent::beforeFilter();
        if ($this->_isJSON(...