There are basically two different ways of implementing server-side authentication for apps with a front end and an API:
Session Based System
In a session-based system, such as a social networking site, an e-commerce site or a net banking system, the user's data is stored on the server side, in a text file in a temporary directory, when the user logs into the system; this is called session data. The server generates a unique session ID for each user's session data and sends it back to the user.
The user can store that session ID in a cookie so that it can be used for further communication. When the user requests particular data after logging in, the user has to send the session ID from the cookie with each request so the server can authenticate the user. Based on that session ID, the server gives its response to that user.
A session-based system is STATEful, as the server has to store the session for each user on the server side and the user also has to store the session ID in a cookie. So if there are a large number of users, it is very difficult to maintain the scalability and performance of the system, and it will use extensive memory.
To overcome this scenario, the token-based system comes into the picture.
Token Based System
A token-based system is stateless, meaning no user data is stored on the server side; only the user has to store the token on the client side, which improves the performance and scalability of the system. When the user sends a subsequent request after login, the user has to provide the token to the server. From the token, the server identifies the user and gives a response to the user.
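The two schemes side by side, as an added Python example that is not part of the original article: a dictionary stands in for the server's per-user session store, while the token variant keeps no server state and instead verifies an HMAC signature and expiry carried in the token itself (the signing key, token layout and one-hour lifetime are assumptions).

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: server-side signing key, never sent to clients

# --- Session-based (stateful): the server keeps a record for every logged-in user ---
SESSION_STORE = {}  # session_id -> session data (the article's temp-directory file, in memory here)

def session_login(username):
    session_id = secrets.token_urlsafe(32)  # unpredictable ID, returned to the client as a cookie
    SESSION_STORE[session_id] = {"user": username, "created": time.time()}
    return session_id

def session_lookup(session_id):
    # Each request must be matched against server-side state; unknown or logged-out IDs fail
    data = SESSION_STORE.get(session_id)
    return data["user"] if data else None

def session_logout(session_id):
    SESSION_STORE.pop(session_id, None)  # revocation is trivial: delete the server record

# --- Token-based (stateless): the token carries the claims, the server stores nothing ---
def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def token_issue(username, ttl=3600):
    payload = b64url_encode(json.dumps({"user": username, "exp": int(time.time()) + ttl}).encode())
    sig = b64url_encode(hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"  # payload.signature; anyone can read it, only the server can forge it

def token_verify(token, now=None):
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None  # malformed token
    expected = b64url_encode(hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):  # constant-time comparison, rejects tampered claims
        return None
    claims = json.loads(b64url_decode(payload))
    if claims["exp"] <= (now if now is not None else time.time()):
        return None  # expired; without server state, expiry is the only built-in way to end a token
    return claims["user"]
```

Note the trade-off the article's stateless property implies: `session_logout` can invalidate a session immediately, whereas a signed token stays valid until `exp` unless the server reintroduces state such as a revocation list.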