What is the difference between using a CSRF token or an API token? Is either one better? Performance? Security?
I want to do Laravel 10 integration with nuxt.js 3.
And I see in some videos people using only the CSRF token, and I want to know the real difference.
2 Answers
A CSRF(Cross-Site Request Forgery) token: A unique identifier that is generated by the web application and stored in the victim’s browser. When the victim submits a request to the web application, the CSRF token is included in the request. Whenever the request is submitted then the web application verifies the CSRF token to ensure that the request was initiated by the victim.
An API token: A unique identifier that is generated by the API provider and assigned to a particular user or application. When a user or application wants to access the API, they must provide the API token in the request. The API provider then verifies the API token to ensure that the request was initiated by the authorized user or application.
CSRF Token is mostly used during form submissions to know if the form is submitted from where it's wanted to be submitted from. This helps the server know if the POST request is genuine or it's someone else trying to impersonate a user (if it is, then the CSRF token will be wrong). So, bottom line:
API Token is for authenticating users to get the service (it's just like username/password)
CSRF Token is for knowing if the user is the actual user
the user’s session and sent with each request to the application. The application verifies that the token in the request matches the token stored in the session to ensure that the request was made by the authenticated user.
access protected resources on the API. API tokens are typically stored in a secure location, such as a database or a file system.
In summary, CSRF Tokens are used to protect against attacks on web applications, while API Tokens are used to authenticate requests to APIs.
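Both answers describe the same distinction: a CSRF token is compared against the value kept in the user's session, while an API token authenticates the caller directly. As an added example that is not from either answer, nor Laravel's or Nuxt's own code, here is a minimal server-side authorizer in Node-style JavaScript that applies both checks; the session store, API token table and request objects are constructed inline, and the `Authorization: Bearer` header, `X-CSRF-TOKEN` header and `_token` body field follow Laravel's conventions.

```javascript
// Added example, not from the answers above. Shows why a cookie session
// needs a CSRF token on state-changing requests while a bearer API token
// does not: browsers attach cookies to any request, including one a
// hostile page triggers, but never attach a bearer token on their own.

// Constructed sample data: session id -> session state (user + CSRF token).
const sessions = new Map([
  ['sess-1', { userId: 'alice', csrfToken: 'csrf-abc' }],
]);
// Constructed sample data: issued API token -> owning client.
const apiTokens = new Map([['tok-xyz', 'mobile-app-of-alice']]);

const STATE_CHANGING = ['POST', 'PUT', 'PATCH', 'DELETE'];

// Compare without short-circuiting on the first differing byte.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req = { method, headers: {...}, cookies: {...}, body: {...} }.
// Returns { ok, principal } on success or { ok: false, reason } on failure.
function authorize(req) {
  const headers = req.headers || {};
  const auth = headers.authorization || '';
  if (auth.startsWith('Bearer ')) {
    // API-token path: the token itself proves who the caller is.
    const owner = apiTokens.get(auth.slice('Bearer '.length));
    return owner ? { ok: true, principal: owner }
                 : { ok: false, reason: 'bad api token' };
  }
  // Session path: the cookie proves who the user is, but not that the
  // user intended this request, so match the CSRF token to the session.
  const sess = sessions.get((req.cookies || {}).session);
  if (!sess) return { ok: false, reason: 'no session' };
  if (STATE_CHANGING.includes(req.method)) {
    const sent = headers['x-csrf-token'] || (req.body && req.body._token) || '';
    if (!constantTimeEqual(sent, sess.csrfToken)) {
      return { ok: false, reason: 'csrf token mismatch' };
    }
  }
  return { ok: true, principal: sess.userId };
}
```

A request that carries only the victim's session cookie, as a cross-site form post would, is rejected with `csrf token mismatch`, while the same cookie plus the session's token, or a valid bearer token, is accepted.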