Authentication
As we learned in Chapter 9, Sessions and Authentication, it is important to authenticate the users of our application. It is good practice to only allow those users who have registered in the application to log in and access information from the application. Similarly, for REST APIs too, we need to design a way to authenticate and authorize users before any information is passed on. For example, suppose Facebook's website makes an API request to get a list of all comments for a post. If they did not have authentication on this endpoint, you could use it to programmatically get comments for any post you want. They obviously don't want to allow this, so some sort of authentication needs to be implemented.
There are different authentication schemes, such as Basic Authentication, Session Authentication, Token Authentication, Remote User Authentication, and various third-party authentication solutions. For the scope of this chapter, and for our Bookr application...