I am planning to work on a REST-based API, maybe host it in one of the cloud providers like AWS. I understand simply having an API key wouldn't be enough from a security perspective, as the key is passed in the header. I simply want to build a REST endpoint and don't plan to build a web front end for users to create an account, so I won't have username/password or use login credentials to validate. Should I add this?
I hear about the OAuth standard, or token-based; how does this work? If anyone can explain, that would be helpful.