How to secure a REST API for mobile applications? REST, API

2023-09-05 08:10:51 Author: 爱你没怂过

I am trying to add a REST interface to Django for a mobile client. The mobile client will use JSON over HTTPS. I have not been able to find the "best" way to accomplish this for mobile devices. From searching around, it seems that #2 is more favorable than #1:

1. Use HTTP authentication and establish a cookie-based session. All transactions will occur over HTTP and JSON messages will only contain commands or data.
2. Pass the username and password (encrypted) within each JSON msg for all transactions and do not rely on cookie-based sessions.

Solution

I would recommend sending the username / password first with a login call. The JSON will pass back an authToken or accessToken which the mobile device will send back for all subsequent calls. You will then check to make sure the authToken is valid. This is the approach many APIs take. In their database they will bind the API key to the user's account that they logged in with.
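The flow this answer describes (a login call that returns an authToken, which is then checked on every later call and bound to the user's account in the database), shown as an added example that is not part of the original post. It uses only the Python standard library with an in-memory SQLite database instead of Django; the table layout, function names, one-hour lifetime and the choice to store only a hash of the token are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

TOKEN_TTL = 3600  # assumed lifetime in seconds; the answer does not specify one

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
db.execute("CREATE TABLE tokens (digest TEXT PRIMARY KEY, user TEXT, expires REAL)")

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def create_user(name, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, _pw_hash(password, salt)))

def login(name, password):
    """Login call: check the credentials once, return a fresh authToken or None."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    # Hash even for unknown users so response time does not reveal which names exist.
    salt, stored = row if row else (b"\0" * 16, b"")
    if not hmac.compare_digest(stored, _pw_hash(password, salt)):
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Store only a digest, so a leaked tokens table does not yield usable tokens.
    digest = hashlib.sha256(token.encode()).hexdigest()
    db.execute("INSERT INTO tokens VALUES (?, ?, ?)", (digest, name, time.time() + TOKEN_TTL))
    return token

def authenticate(token, now=None):
    """Every later call: map the presented authToken to its user, or None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256((token or "").encode()).hexdigest()
    row = db.execute("SELECT user, expires FROM tokens WHERE digest = ?", (digest,)).fetchone()
    return row[0] if row and row[1] >= now else None

def logout(token):
    """Revoke the token server-side, for example on logout or a lost device."""
    db.execute("DELETE FROM tokens WHERE digest = ?", (hashlib.sha256(token.encode()).hexdigest(),))

create_user("alice", "correct horse")  # constructed sample account
```

The password crosses the network only in the login call; after that the device holds a token that expires and can be revoked without changing the password.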

 