DEV Community

Akamz Chidi

Authentication Vs Authorization In Backend Systems

The backend of any application handles sensitive data: it creates, modifies, stores, retrieves, and deletes records on behalf of its users.

Because of that, the backend has to establish who is making each request and what that caller is allowed to do with the data, and it enforces those decisions with security checks.

Authentication and authorization are the two controls that answer those questions, and they are the subject of this post.

Understanding Authentication In Backend Systems

Authentication is the process of verifying the identity of a user (or a service) before granting access to a system or an application. The caller presents credentials, such as an email address and password, an API key, or a signed token, and the backend checks them against what it has on record. Only after this check succeeds does the caller have a verified identity that later decisions can rely on.

Understanding Authorization In Backend Systems

Authorization checks whether an authenticated user is permitted to access a particular resource or perform a particular action. The backend compares the user's role or privileges against the rules for that resource and allows or denies the request. Because the decision depends on who the user is, authorization can only take place after authentication.

Importance Of Authentication and Authorization In A Backend System

As mentioned, authentication and authorization are both security controls that protect sensitive data in a backend system. Each plays a distinct role in securing the APIs and data of an application: authentication establishes identity, and authorization enforces what that identity is allowed to do.

Difference Between Authentication and Authorization

Let’s explore the differences between authentication and authorization and the role each plays in backend system security.

|                | Authentication | Authorization |
|----------------|----------------|---------------|
| Use case       | Verifies a user's login credentials (e.g. email address and password) and establishes who the caller is. | Checks whether the verified user is permitted to access a resource or functionality. |
| When invoked   | Done first, before authorization. | Done after authentication, on every request. |
| Requirement    | Requires the user's credentials (user ID or login details). | Requires the user's role or privileges. |
| Error response | Returns a 401 response if authentication fails. | Returns a 403 response if authorization fails. |
| Summary        | Verifies a user's identity. | Determines what a user is allowed to do once their identity has been verified. |

Note that the HTTP reason phrase for 401 is "Unauthorized", but the status actually means the request lacked valid authentication credentials (RFC 7235 also requires the response to carry a WWW-Authenticate header). 403 Forbidden is the status for a caller who is authenticated but not permitted to do what was asked.

Real Case Scenario Of Concepts

If you are still finding it hard to differentiate between these concepts, here is a real-world scenario to help.

Consider a banking application that both customers and bank employees use. Both are users of the system. To get in, a customer or an employee has to enter a valid email address and password.

The authentication system's job is to confirm that the email address and password entered by the customer or the employee are valid. Once those credentials are verified, both the customer and the employee are logged in to the app.

Authorization then determines, from the user's role and privileges, which functionality that user can access. In this instance, the bank employee can access the customer database, which the customer cannot. That check has to be enforced on the server for every request, not just by hiding a menu item: a customer who calls the customer-database endpoint directly must still receive a 403.
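The following Python module is an added example, not code from the article, that implements the pipeline the comparison table and the bank scenario describe: an authenticate step that fails with 401, followed by a role-based authorize step that fails with 403. The two users, their passwords, the roles and the resource names are constructed for the illustration; a real backend would read them from a database.

```python
"""Added example: a minimal backend authentication + authorization layer.
Not the article's code; the users, passwords, roles and resource names are
constructed for illustration."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256. The store keeps (salt, digest), never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


# Constructed user store: email -> (salt, digest, role).
USERS: Dict[str, Tuple[bytes, bytes, str]] = {}
for _email, _password, _role in [
    ("customer@example.com", "customer-pass-1", "customer"),
    ("employee@example.com", "employee-pass-2", "employee"),
]:
    USERS[_email] = (*hash_password(_password), _role)

# Used to run a hash for unknown emails so the failure path takes the same time.
_DUMMY_SALT = os.urandom(16)


@dataclass(frozen=True)
class Principal:
    """The verified identity that authentication hands to authorization."""
    email: str
    role: str


class AuthenticationError(Exception):
    """Credentials missing or invalid -> HTTP 401."""


class AuthorizationError(Exception):
    """Identity verified, but the action is not permitted -> HTTP 403."""


def authenticate(email: str, password: str) -> Principal:
    """Step 1: who is the caller? Same error for unknown email and wrong password."""
    record = USERS.get(email)
    if record is None:
        hash_password(password, _DUMMY_SALT)  # equalise timing; result discarded
        raise AuthenticationError("invalid credentials")
    salt, stored_digest, role = record
    _, digest = hash_password(password, salt)
    if not hmac.compare_digest(digest, stored_digest):  # constant-time compare
        raise AuthenticationError("invalid credentials")
    return Principal(email=email, role=role)


# Step 2 data: role -> allowed (action, resource) pairs. Anything not listed is denied.
PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "customer": {("read", "own_account")},
    "employee": {("read", "own_account"), ("read", "customer_db")},
}


def authorize(principal: Principal, action: str, resource: str) -> None:
    """Step 2: what may the verified caller do? Deny by default."""
    if (action, resource) not in PERMISSIONS.get(principal.role, set()):
        raise AuthorizationError(f"role {principal.role!r} may not {action} {resource}")


def handle_request(email: str, password: str, action: str, resource: str) -> Tuple[int, str]:
    """Server-side handler: authenticate first, then authorize, then do the work."""
    try:
        principal = authenticate(email, password)
        authorize(principal, action, resource)
    except AuthenticationError as exc:
        return 401, str(exc)
    except AuthorizationError as exc:
        return 403, str(exc)
    return 200, f"{principal.email} ({principal.role}) {action} {resource}"


if __name__ == "__main__":
    for args in [
        ("customer@example.com", "wrong-password", "read", "own_account"),   # 401
        ("nobody@example.com", "anything", "read", "own_account"),           # 401
        ("customer@example.com", "customer-pass-1", "read", "customer_db"),  # 403
        ("employee@example.com", "employee-pass-2", "read", "customer_db"),  # 200
    ]:
        print(handle_request(*args))
```

Three design choices carry the security point. The handler always authenticates before it authorizes, so an unauthenticated caller can never learn from a 403 that a resource exists. Unknown emails and wrong passwords produce the same message and roughly the same work, which avoids confirming which addresses are registered. And the permission map is deny-by-default: a role with no entry for an action gets a 403 rather than falling through to the work.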

In Summary

So far, this post has explained authentication and authorization in detail and the roles both concepts play in securing the backend system of an application. This is an introductory post. Subsequent posts will handle security architecture and more complex details.

Top comments (1)

Alex P (devh0us3)

Hello, you wrote:

Authorization is done after authentication.

Tricky question: is there Identification/Authorization here, or only Authorization?
crypt.fyi/R3uwwSoFMA~xLVm6sbyM?key...
Yeah, I'm talking about access by the link 😉