We are now providing the client with a token they can use in place of their email/password, but how should they attach it to subsequent requests? Generally, there are five ways of attaching information to an HTTP request:
- As a URL parameter
- As a query string
- Inside the request body
- As an HTTP cookie
- As a header field
The URL parameter is used for routing, and it makes no sense to attach a digest there. Query strings are for things related to the query, such as setting a limit on the number of results returned by our search endpoint; it also makes no sense to attach information unrelated to the query here. As for the request body, we can't always have the digest in the request body, as some endpoints, such as Update ...