Most applications today expose REST APIs, and a well-designed REST API must provide both authentication and authorization. When we create a web API, there should be an access control mechanism that keeps unauthorized users out of the web service and grants authorized users only the access they need.

There are many mechanisms for securing an API, and OAuth 2.0 is one of the most widely used. OAuth 2.0 is an authorization framework: the client must obtain an access token before it may call the REST API methods. The framework defines several grant types, and the appropriate one should be selected according to the nature of the application. Below I explain one way of implementing OAuth 2.0. It introduces a separate Key Manager component that handles the OAuth 2.0 procedure.

First, the client logs in to the application with a username and password as usual. When the client application then needs to access the API, it must first go through the authorization procedure in the Key Manager component. The client creates a web app (an OAuth client registration) in order to access the REST API, as shown in the diagrams below. The Key Manager generates a consumer key and a consumer secret for that app and hands them to the client. The client then presents the consumer key and consumer secret to the Key Manager and receives an access token in the response. Finally, the client sends this access token with each API request, and the API grants access only while the token is valid and unexpired. The consumer secret must be kept confidential: anyone who obtains it can request tokens on behalf of that app.

Figure 1 OAuth2 Implementation

Figure 2 OAuth2 Procedure
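The exchange in the procedure above, written out as an added example (this is illustration code, not the Key Manager described in the post or any product's API). The step where the client trades its consumer key and secret for an access token corresponds to the OAuth 2.0 client credentials grant (RFC 6749 section 4.4), so the example models it that way: the `KeyManager` class, `register_app`, `token_endpoint`, `introspect`, `call_api` and `basic_auth_header` are names chosen for this example, the HTTP requests are represented as plain dictionaries, and the client app is constructed in memory. The Key Manager stores only a hash of the consumer secret, compares it in constant time, and issues opaque tokens with an expiry that the API checks on every call.

```python
import base64
import hashlib
import hmac
import secrets
import time


class KeyManager:
    """Constructed in-memory Key Manager: holds registered apps and issued tokens.
    Hypothetical class written for this example, not a real product API."""

    def __init__(self, token_ttl=3600):
        self.apps = {}      # consumer_key -> sha256 hex digest of consumer_secret
        self.tokens = {}    # access_token -> (consumer_key, expiry timestamp)
        self.ttl = token_ttl

    def register_app(self, name):
        """Step 1: the client creates a web app and receives a consumer key and secret.
        Only the hash of the secret is stored, exactly as one would store a password."""
        consumer_key = secrets.token_urlsafe(16)
        consumer_secret = secrets.token_urlsafe(32)
        self.apps[consumer_key] = hashlib.sha256(consumer_secret.encode()).hexdigest()
        return consumer_key, consumer_secret

    def token_endpoint(self, headers, form, now=None):
        """Step 2: client_credentials grant. The client authenticates with HTTP Basic
        auth (key:secret) and receives an opaque Bearer token."""
        now = time.time() if now is None else now
        if form.get("grant_type") != "client_credentials":
            return 400, {"error": "unsupported_grant_type"}
        auth = headers.get("Authorization", "")
        if not auth.startswith("Basic "):
            return 401, {"error": "invalid_client"}
        try:
            consumer_key, consumer_secret = base64.b64decode(auth[6:]).decode().split(":", 1)
        except (ValueError, UnicodeDecodeError):
            return 401, {"error": "invalid_client"}
        stored = self.apps.get(consumer_key)
        presented = hashlib.sha256(consumer_secret.encode()).hexdigest()
        # Constant-time comparison; compare against a dummy digest when the key is
        # unknown so a wrong key and a wrong secret take the same time to reject.
        ok = hmac.compare_digest(stored or "0" * 64, presented) and stored is not None
        if not ok:
            return 401, {"error": "invalid_client"}
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (consumer_key, now + self.ttl)
        return 200, {"access_token": token, "token_type": "Bearer", "expires_in": self.ttl}

    def introspect(self, token, now=None):
        """Called by the API: returns the owning consumer_key, or None if the token
        is unknown or expired (expired tokens are purged on sight)."""
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        if entry is None:
            return None
        consumer_key, expiry = entry
        if now >= expiry:
            del self.tokens[token]
            return None
        return consumer_key


def call_api(key_manager, headers, now=None):
    """Step 3: the protected REST resource. Serves only requests carrying a valid Bearer token."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "invalid_token"}
    client = key_manager.introspect(auth[7:], now=now)
    if client is None:
        return 401, {"error": "invalid_token"}
    return 200, {"data": "protected resource", "client": client}


def basic_auth_header(consumer_key, consumer_secret):
    """Builds the HTTP Basic Authorization header the client sends to the token endpoint."""
    raw = f"{consumer_key}:{consumer_secret}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}


if __name__ == "__main__":
    km = KeyManager(token_ttl=60)
    key, secret = km.register_app("demo-web-app")
    status, body = km.token_endpoint(basic_auth_header(key, secret),
                                     {"grant_type": "client_credentials"})
    print("token response:", status, body)
    print("api call:", call_api(km, {"Authorization": "Bearer " + body["access_token"]}))
    print("wrong secret:", km.token_endpoint(basic_auth_header(key, "bad"),
                                             {"grant_type": "client_credentials"}))
```

The `now` parameter exists so the expiry path can be exercised deterministically; in production the token endpoint must be reached only over TLS, since the consumer secret and the issued token travel in the clear inside the HTTP messages.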