So i'm converting my website i have to API based, the frontend api is done but then i have to make a backend API with login. I have been thinking of authentication API to my login and now i'm trying to reverse engineer it a bit.
We hare currently 2-3 users maybe a bit more that need access. i still need to be secure and not just a MD5/SHA1 encrypted password in a database.
i'm thinking of looking at http://docs.phalcon.io/en/latest/reference/security.html and use that instead of using OAuth2 or OpenID etc i think that would be too much.
I plan to do a route to /login and do a check on that, return a cookie or maybe just a session, not sure.
please come with inputs :)