I'm developing api's for a game and I need to know in each call witch user in game called server api's.
I've read RESTFULL api is state less and By adding session (or anything else of that kind) you are making it stateful and defeating any purpose of having a RESTful API. So, what is the best practice to authentication and authorization request? Now, client post login request, server generate hash token and store and return to client, client put it in all other request header and server find user by this token.
