The primary advantage that token authentication has over “credentials in request” is that, under ideal circumstances, you aren’t sending your authentication credentials over the wire very often. How well this actually works depends on how readily the consuming system can maintain state. If the consuming system is stateless, token authentication simply becomes redundant overhead since every API request becomes two API requests: one for authentication and one for the real request. On the other hand, if your consuming application is allowed to maintain state (and there are good reasons why it