Once deployed in production, an application is exposed to a large number of requests. Inevitably, some of them will be malicious. This brings the requirement of granting explicit access permissions only to authenticated users, that is, authenticating a selected number of consumers to have access to your service. Most of the consumers will use the service only for data provisioning. However, a few will need to be able to provide new, or modify the existing, catalog data. To ensure that only appropriate consumers will be able to execute the POST, PUT, and DELETE requests, we will have to introduce the concept of authorization into our application, which will grant only explicitly selected users modification permissions.
Data services may provide sensitive private information, such as email addresses; the HTTP protocol, being a text protocol, may not...