REST APIs, authentication via andriod

[ajlisowski]

Hey all. I am working on a web application which I plan on developing into andriod and iphone apps. I have developed an API for the web app, so the devices can make http requests to get information from the database and what not.

 

My concern is how to authenticate the user over this process. I can easily have username/password parameters i send with any request that requires authentication. However, that seems wrong. I should be able to authenticate once and be good. Ive also considered creating a token when they first send an authentication request and then have that token be sent. But again, I feel like im trying to create a solution that probably already exists.

 

How do facebook and twitter apps authenticate their users with those sites? I am sort of a beginner when it comes to developing an API and having third party authentication access to it. Any help or reading or anything would be great.