Authenticating REST Webservices

Hello,

I have an app that is RESTful where there is a CMS side and an API side using the same RESTful services, controllers, methods, etc. The issue is that the CMS requires traditional login (through restful_authentication) but API client requests would need to use HTTP BASIC Auth or something similar, I would assume.

How are people solving this challenge with authenticating users to their app via the web and via REST client differently to accomplish this? I was thinking of going the API key route and authenticating individual applications but wasn't sure of the best approach.



The restful_authentication plugin handles both. Obviously it cannot distinguish the two types of users, since they both just use HTTP requests, but what it does is authenticate against one of three known sources: cookie, HTTP basic, and session (where session stands for a logged-in user). By default, the HTTP basic authentication authenticates against your user table, so you can give individual admin access as necessary.
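
The three-source lookup described in the reply above, as an added Ruby sketch that is not part of the original thread and is not the plugin's own code. The user store, the `auth_token` cookie name, the SHA-256 digest, the order in which sources are tried, and every method name are assumptions made for illustration.

```ruby
# Constructed sample data and hypothetical helper names throughout.
require "digest"

User = Struct.new(:id, :login, :salt, :password_digest, :remember_token, :remember_expires_at)

def digest_password(salt, password) # stand-in for the app's real password hashing
  Digest::SHA256.hexdigest("#{salt}--#{password}")
end

USERS = [
  User.new(1, "alice", "s1", digest_password("s1", "correct horse"), "tok-alice", Time.now + 3600),
  User.new(2, "bob", "s2", digest_password("s2", "hunter2"), "tok-bob", Time.now - 60) # expired token
].freeze

# Constant-time comparison so a mismatch does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def from_session(session)
  USERS.find { |u| u.id == session[:user_id] } if session[:user_id]
end

# Basic credentials are only base64-encoded, so the API side must be served over TLS.
def from_basic_auth(headers)
  scheme, encoded = headers["Authorization"].to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded
  login, password = encoded.unpack1("m").split(":", 2)
  user = USERS.find { |u| u.login == login }
  return nil unless user && password
  user if secure_equal?(user.password_digest, digest_password(user.salt, password))
end

def from_cookie(cookies)
  token = cookies["auth_token"]
  return nil unless token
  user = USERS.find { |u| u.remember_token && secure_equal?(u.remember_token, token) }
  user if user && user.remember_expires_at > Time.now
end

# Returns [user, source]; the source lets a controller tell browser logins from API clients.
def authenticate(session: {}, headers: {}, cookies: {})
  sources = { session: -> { from_session(session) }, http_basic: -> { from_basic_auth(headers) }, cookie: -> { from_cookie(cookies) } }
  sources.each { |name, try| user = try.call; return [user, name] if user }
  [nil, nil]
end
```

Returning the source alongside the user is what lets the same controller apply different rules to CMS and API callers, for example skipping CSRF checks only for `:http_basic` requests.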