logoalt Hacker News

doc_icktoday at 12:45 AM2 repliesview on HN

What do you recommend then? What technology has been designed, completed, then used for years without any updates or problems?

Replies

kasey_junktoday at 1:00 AM

Bearer tokens are a dead end? You have to validate them anyway so traditional auth is the fallback.

tptacektoday at 1:00 AM

https://fly.io/blog/api-tokens-a-tedious-survey/

tl;dr: most of the time you should use opaque random strings.