What is the generalised process for an application that to access a web application via REST Api ?
I know and understand the principle of the api and the way it works but I am unclear as to the best way to validate user etc ? I am looking to build a desktop app that acdesses data from my web app over an api. Unlike traditional browser based access where a sezzion is involved, I underxtand that with an api, I can pass a username and password but I am a little unsure as to the best way to pass these credentials ? For example, with a GET request, how can we pass the credentials on the GET string without risking eing intercepted ?
Also, what makes POSTs more secure, apart from the fact that the credemtials are in the request nody and not in the actual URL itself ?