Security Paradigm #3
Comments
I think it makes sense for the API client to log in (if they choose to) as we can then provide personalised results as well as deciding the nature of whether certain information can be exposed or not. The nature of 'how' is more the question here. For example, would the use of the session key as a cookie be appropriate, or would that cause issues for certain clients as well as make the API stateful? This latter part needs some thinking as my gut feel is to avoid state within the API but I'm struggling to justify why (beyond the scaling argument).
I think avoiding statefulness as required is good. But if performance can be boosted for a JavaScript client or others that maintain state, the better the client experience should be.
Need to decide on what this will be.