I noticed that if I don't add an Authorization Token to the header of a Request but instead use Basic Auth with my username and password I'm still able to retrieve data. Is this approach ok?
@vikas.khurana, technically it works, but using that approach means you are going through the authentication process with each request. I'm not sure about this, but I think this might incur a slight overhead. I'd use the standard approach of tokens, which are valid for 24 hours.