Building RESTful Web Services with .NET Core

Adding basic authentication to our REST API

Now that the customer is registered, we can move on to the authentication process. Authentication verifies whether a customer is a valid user of our site. We already hold their credentials, since they supplied them through our registration form. When they try to access any resource on our site using those credentials, we verify the credentials first and only then allow the request.

Registration is open to everyone and is not authenticated. However, when a customer wants to read their profile details, delete their account, and so on, we need authentication in place so that the data is returned only to users who are actual, trusted users of the application.

For basic authentication:

  • We will get the username (which will be the email ID) and the password from the client when they request a resource. These are sent in an HTTP header; we will see this when we design the client.
  • Then, that data will be verified against the database.
  • If a match is found, the operation will be allowed; otherwise a 401 Unauthorized response will be sent.
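The three steps above as an ASP.NET Core authentication handler. This is an added example, not the book's code: it assumes a hypothetical `ICustomerRepository` that returns the salted PBKDF2 hash stored for an email at registration (the `StoredCredential` shape and the `customer-api` realm name are assumptions), parses the `Authorization: Basic` header, verifies the password against the database record in constant time, and leaves the 401 challenge to the framework.

```csharp
using System;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

// Hypothetical: what the customer table stores per user (never the plaintext password).
public class StoredCredential
{
    public byte[] Salt { get; set; }
    public byte[] Hash { get; set; }
    public int Iterations { get; set; }
}

// Hypothetical repository over the customer table filled during registration.
public interface ICustomerRepository
{
    Task<StoredCredential> FindByEmailAsync(string email); // null when the email is unknown
}

public static class PasswordHashing
{
    // PBKDF2-SHA256 via Rfc2898DeriveBytes, part of the .NET Core base library.
    public static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }
}

public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    private const string Realm = "customer-api"; // assumed realm name
    private readonly ICustomerRepository _customers;

    public BasicAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
        ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, ICustomerRepository customers)
        : base(options, logger, encoder, clock)
    {
        _customers = customers;
    }

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // No header at all: the challenge below will answer with 401 and ask for credentials.
        if (!Request.Headers.ContainsKey("Authorization"))
            return AuthenticateResult.NoResult();

        if (!AuthenticationHeaderValue.TryParse(Request.Headers["Authorization"], out var header)
            || !"Basic".Equals(header.Scheme, StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrEmpty(header.Parameter))
            return AuthenticateResult.Fail("Authorization header is not Basic");

        string email, password;
        try
        {
            // Basic carries "email:password" in base64; split on the FIRST colon only,
            // because the password itself may contain colons.
            var decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter));
            var colon = decoded.IndexOf(':');
            if (colon < 0) return AuthenticateResult.Fail("Malformed Basic credentials");
            email = decoded.Substring(0, colon);
            password = decoded.Substring(colon + 1);
        }
        catch (FormatException)
        {
            return AuthenticateResult.Fail("Malformed Basic credentials");
        }

        var stored = await _customers.FindByEmailAsync(email);
        // Run the KDF even for an unknown email so response time does not reveal which
        // addresses are registered; a dummy salt stands in when there is no record.
        var salt = stored?.Salt ?? new byte[16];
        var iterations = stored?.Iterations ?? 100_000;
        var candidate = PasswordHashing.Derive(password, salt, iterations);
        if (stored == null || !CryptographicOperations.FixedTimeEquals(candidate, stored.Hash))
            return AuthenticateResult.Fail("Invalid email or password"); // same message for both cases

        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, email) }, Scheme.Name);
        return AuthenticateResult.Success(
            new AuthenticationTicket(new ClaimsPrincipal(identity), Scheme.Name));
    }

    // Invoked when an [Authorize] endpoint is hit without valid credentials.
    protected override Task HandleChallengeAsync(AuthenticationProperties properties)
    {
        Response.Headers["WWW-Authenticate"] = $"Basic realm=\"{Realm}\", charset=\"UTF-8\"";
        return base.HandleChallengeAsync(properties); // the base handler sets status 401
    }
}

// Startup wiring: register the scheme and put the middleware in the pipeline.
public static class BasicAuthSetup
{
    public static void ConfigureServices(IServiceCollection services) =>
        services.AddAuthentication("Basic")
            .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("Basic", null);

    public static void Configure(IApplicationBuilder app) =>
        app.UseAuthentication(); // must run before UseMvc / UseEndpoints
}
```

Only actions marked `[Authorize]` (the profile read, the account delete) go through the credential check; the registration action carries no attribute and stays open, matching the split described above. Because Basic only base64-encodes the email and password rather than encrypting them, the API must be served over HTTPS so the header is not readable in transit, and the handler deliberately returns the same failure message for a wrong password and an unknown email.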