How to do a webservice using json with auth?
I need to make almost all my models available from a webservice.
My webservice needs to return JSON.
Is there any "standard" to do a JSON webservice like SOAP?
What about authentication? I need my ws privately accessible, what's the best practice for this?
Sometimes, it seems that the webservice client needs to provide login/password for each call. Is it a best practice? Can't we do something better?
You can use OAuth for application and user authentication. It is also possible to combine it with OpenID in case you don't want to be the authenticator.
Note that there are OAuth 1.0a and 2.0, which are pretty different.
If you want your server instance to be stateless (which you probably want for a REST service), then yes, unfortunately you'll have to provide some kind of authentication token for each call. Typically this would be a username and a password hash.
You could put the auth tokens in the http headers, but I would suggest that you put it in your input json instead, just to keep the implementation as simple as possible.
In short: Put your authentication data in your input json, for each call, and do a POST over HTTPS to protect the data in transit. That should make the implementation simple, easy and secure.
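The stateless per-call check described in the answer above, sketched server-side as an added example (not part of the original answers). The JSON field names (`auth`, `username`, `secret`, `action`), the in-memory user store and the handler are assumptions; the server stores only a salted PBKDF2 digest of the credential and gives the same reply for every kind of authentication failure.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 100_000  # PBKDF2 work factor (value assumed for this example)


def derive(secret: str, salt: bytes) -> bytes:
    """Salted, slow digest of the credential; only this is stored server-side."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def make_record(secret: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "digest": derive(secret, salt)}


# Constructed sample user store (hypothetical account and credential).
USERS = {"alice": make_record("correct horse battery staple")}
# Dummy record so an unknown username costs the same work as a known one.
DUMMY = make_record("unused")


def authenticate(auth) -> bool:
    """Check the credentials carried in one request; no session is kept."""
    if not isinstance(auth, dict):
        return False
    user, secret = auth.get("username"), auth.get("secret")
    if not isinstance(user, str) or not isinstance(secret, str):
        return False
    record = USERS.get(user, DUMMY)
    # Constant-time comparison avoids leaking how many digest bytes matched.
    ok = hmac.compare_digest(derive(secret, record["salt"]), record["digest"])
    return ok and user in USERS


def handle_request(raw_body: bytes):
    """Return (HTTP status, JSON-serialisable body) for one POSTed call."""
    try:
        request = json.loads(raw_body)
    except ValueError:  # covers invalid JSON and invalid UTF-8
        return 400, {"error": "malformed JSON"}
    if not isinstance(request, dict) or not authenticate(request.get("auth")):
        return 401, {"error": "authentication failed"}  # same reply for every cause
    # Never echo the auth object back or write it to logs.
    return 200, {"user": request["auth"]["username"], "action": request.get("action")}
```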