Authentication API maybe too much?


So I'm converting my website to be API based. The frontend API is done, but then I have to make a backend API with login. I have been thinking of an authentication API for my login and now I'm trying to reverse engineer it a bit.

We are currently 2-3 users, maybe a bit more, that need access. I still need to be secure and not just have an MD5/SHA1 encrypted password in a database.

I'm thinking of looking at and using that instead of using OAuth2 or OpenID etc. I think that would be too much.

I plan to do a route to /login and do a check on that, return a cookie or maybe just a session, not sure.

Please come with inputs :)

Hi @zyxep
I would use a sha256-Hash with some salt. (For example, this can be the creation date of the user or something like that.) For hashing this is secure enough.
Then I would use secure sessions, and perhaps this one

But the strongest argument for which security I choose is how strongly my data has to be protected. So think about it,
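
A sketch of the /login check discussed in this thread, added here as an example and not code from either poster: it stores passwords with PBKDF2-HMAC-SHA256 and a random per-user salt (a swapped-in choice in place of a single salted SHA-256 pass) and hands out a random server-side session id. The in-memory `USERS` and `SESSIONS` dicts, the function names, the iteration count and the session lifetime are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # assumed work factor; tune to your hardware
SESSION_TTL = 3600     # assumed session lifetime in seconds

USERS = {}      # username -> (salt, iterations, derived_key); stands in for a DB table
SESSIONS = {}   # session id -> (username, expiry timestamp)


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Derive a key with PBKDF2-HMAC-SHA256 and a random per-user salt."""
    salt = salt or secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def register(username, password):
    USERS[username] = hash_password(password)


def login(username, password, now=None):
    """Return a new session id on success, None on any failure."""
    now = time.time() if now is None else now
    record = USERS.get(username)
    if record is None:
        # Hash anyway so unknown users cost about the same time as known ones.
        hash_password(password, salt=b"\x00" * 16)
        return None
    salt, iterations, expected = record
    _, _, candidate = hash_password(password, salt, iterations)
    if not hmac.compare_digest(candidate, expected):  # constant-time compare
        return None
    session_id = secrets.token_urlsafe(32)  # unguessable, carries no user data
    SESSIONS[session_id] = (username, now + SESSION_TTL)
    return session_id


def session_user(session_id, now=None):
    """Resolve a session id to a username, dropping expired sessions."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(session_id)
    if entry is None:
        return None
    username, expiry = entry
    if now >= expiry:
        del SESSIONS[session_id]
        return None
    return username
```

When the session id is returned as a cookie, set it with the `HttpOnly`, `Secure` and `SameSite` attributes so scripts and plain-HTTP requests cannot read or leak it.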