
Should an API server be stateless for an Android app?


I am creating a restaurant reviewing app. There will be a Spring Boot API server as its backend. I can easily set the stateless property in Spring Security as:

    http.sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

Now what is the best practice for this? Should it be stateful or stateless?

If it should be stateless, then every HTTP API call needs to be reauthenticated, right? (I mean the app needs to send the user name and password.)

Thanks.


Solution

  • There are many advantages of making API calls stateless:

    • Being stateless makes REST APIs less complex since web services need not maintain the client's previous interactions
    • A stateless API is also easy to cache
    • Statelessness helps in scaling the APIs to millions of concurrent users by deploying them to multiple servers
    • Web services can treat each method request independently

    The disadvantage of stateless API calls is that web services need to get extra information in each request and then interpret it to get the client's state.

    The client can use tokens to call these APIs which are sent along with each request.
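
The token approach mentioned in the answer, as an added example that is not part of the original question or answer: the server checks the user name and password once, hands back a signed token with an expiry, and afterwards authenticates each request from the token alone, with no session stored. The class name `StatelessTokenDemo`, its methods, the token layout and the demo key are hypothetical and use only the JDK; it is not Spring Security's own API.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;

// Hypothetical helper, not a Spring Security class: issues and verifies
// self-contained tokens so the server keeps no per-client session.
public class StatelessTokenDemo {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final byte[] key;

    StatelessTokenDemo(byte[] key) { this.key = key; }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return B64.encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Called once, after the user name and password have been checked.
    String issue(String user, long ttlSeconds) throws Exception {
        String payload = B64.encodeToString(user.getBytes(StandardCharsets.UTF_8))
                + "." + (Instant.now().getEpochSecond() + ttlSeconds);
        return payload + "." + sign(payload);
    }

    // Called on every request; returns the user name, or null if the token is rejected.
    String verify(String token) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return null;
        byte[] expected = sign(p[0] + "." + p[1]).getBytes(StandardCharsets.UTF_8);
        byte[] given = p[2].getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, given)) return null;  // constant-time compare
        if (Long.parseLong(p[1]) < Instant.now().getEpochSecond()) return null;  // expired
        return new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key for the demo; a real server loads a random secret from configuration.
        StatelessTokenDemo tokens = new StatelessTokenDemo("demo-key-change-me".getBytes(StandardCharsets.UTF_8));
        String token = tokens.issue("alice", 900);
        System.out.println(tokens.verify(token));                      // valid token
        System.out.println(tokens.verify(token + "x"));                // tampered signature
        System.out.println(tokens.verify(tokens.issue("alice", -1)));  // already expired
    }
}
```

Because the signature is checked before the expiry is parsed, only fields the server itself wrote are ever interpreted; any server instance holding the same key can verify the token, which is what lets the API scale across multiple servers without shared session storage.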