I am developing spring rest webservice and my clients are android and ios applications. The problem is my application is 100% api based there is no website even for the admin, everything is mobile and I have been struggling how to do authentication and authorization with just apis. I did small spring projects before where my client was the browser. But now I have been stuck for a week and I can't seem to find anything on how to do this authentication and authorization thing. Is it my approach or is it so unusual thing. I would appreciate any help. Thanks
You can use Basic Authentication or Digest Authentication
https://docs.spring.io/spring-security/site/docs/3.0.x/reference/basic.html
But you should be careful and do not use it with HTTP, only with HTTPS, since basic authentication transmits the password as plain text.
Second way is to use JWT for securing your application. Here is example of using JWT https://github.com/szerhusenBC/jwt-spring-security-demo