David A. Wheeler
On Aug 12, 2020, at 5:43 PM, HANSEN, TONY L <email@example.com> wrote:
David, here are some questions not answered by that page:

It uses TLS to authenticate the best practices server, as well as provide
confidentiality & integrity between client & server.
Login session management uses an HTTP cookie, not basic authentication.
A quick summary is “do what a human user would do”. You use a POST
to log in (with username & password), and get a cookie that represents your session.
That cookie can then be used (for a period of time) by sending it as part of
future requests, and grants you whatever your account is authorized to do.

* When using the PATCH verb, what is the JSON input expected to look like?

This is actually implemented by the underlying Rails framework. I’ll have to search,
but I believe there are lots of sites that go into this.
— David A. Wheeler