authentication vs authorization

web security systems are based on a two-step process. 
The first step is authentication, which 
ensures the user identity
second step is authorization, which 
allows the user to access the various resources 
based on the user's identity.

Authentication : 
				telling the system who you are 
				by providing username and password.


		Authorization : 
				things you can do according to who you are 



 ------  few ways of Authorization: 
 		Basic Auth --
 			 providing username and password for each and every request you 
             make

 		Token based 
 			generate a long token just one time 
 			and use that for the rest of the request 

 			similar to the visitor tag you get when you go to certain 
            restricted areas 


 			API KEY --- 


 			Bearer Token --