I need to maintain session information between REST calls to an Apache server. Not having ever developed on the Apache platform, I hope to find a package / module that can help facilitate session information and application security. Please target your answers for a newbie.
3 solutions
#1
With our RESTful web services calls we simply include the credentials in every call, using simple auth. When you think about it, this is actually pretty nice. It makes for an easy-to-understand API, and doesn't involve any gymnastics for authenticating, expiring a token, etc.
I'd also recommend you do all of this over HTTPS, since the password will be in clear text.
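The per-request scheme answer #1 describes, shown as an added example that is not part of the original answers: the client's `Authorization` header is only base64-encoded, and the server re-checks it on every call without keeping session state. The user store, the function names and the `url_scheme` parameter are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

ITERATIONS = 100_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed sample user store (hypothetical): username -> (salt, hash).
SALT = b"constructed-salt"
USERS = {"alice": (SALT, hash_password("s3cret:pass", SALT))}

def make_header(username: str, password: str) -> str:
    """What a client sends: base64 is an encoding, not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return "Basic " + token

def parse_basic_header(header: str):
    """Return (username, password), or None if the header is malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: the password itself may contain ':'.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def authenticate(headers: dict, url_scheme: str):
    """Stateless check run on every call; returns (status, username)."""
    if url_scheme != "https":
        return 403, None  # without TLS the password is readable in transit
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds is None:
        return 401, None
    username, password = creds
    # Unknown users still cost one hash, so timing does not reveal them.
    salt, expected = USERS.get(username, (SALT, b"\x00" * 32))
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    if matches and username in USERS:
        return 200, username
    return 401, None
```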
#2
Doesn't doing things RESTfully make retaining session information server-side dicey?
By definition it's supposed to be stateless.
Though technically you can store state in the cookies (as long as it's encrypted), it's not very RESTful.
Just my 2 cents.
#3
I am confused about how you could use Apache for this -- I always thought Apache either just serves static files, or runs scripts interpreted by other programs (Perl, PHP, etc). I've handled my stateful transactions using PHP (usually with cookies, though that's technically not REST).