Probably the best explanation I have understood, without getting into too much technical or code-specific explanation, so have a listen.
So as I understand it:
- You need to get a token off the web service using some form of authentication
- That token is valid for a time period (say 20 min)
- You then use that token to carry out calls to the web server
- You need to refresh that token before it expires or you will need to get a new token
- As the web service only keeps one bit of information (the tokens and their expiry time), it is easy to handle many sessions (scalability)
- The REST URL often contains data to pass to the server
- It is stateless
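
The token lifecycle from the list above, as an added example that is not part of the explanation being summarised. The names `TokenStore` and `TOKEN_TTL`, the injectable clock, and the choice to keep only a SHA-256 digest of each token on the server are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 20 * 60  # seconds; the 20-minute lifetime from the list (assumed value)


class TokenStore:
    """Hypothetical server-side store: token digest -> expiry time, nothing else."""

    def __init__(self, ttl=TOKEN_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._expiry = {}     # sha256(token) -> expiry timestamp

    @staticmethod
    def _key(token):
        # Keep a digest rather than the token, so a dump of the store
        # does not hand out usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, authenticated):
        """Hand out a token only after the caller has authenticated."""
        if not authenticated:
            raise PermissionError("authentication required")
        token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
        self._expiry[self._key(token)] = self._clock() + self._ttl
        return token

    def is_valid(self, token):
        """A call is accepted only while its token is known and unexpired."""
        key = self._key(token)
        expiry = self._expiry.get(key)
        if expiry is None:
            return False
        if self._clock() >= expiry:
            del self._expiry[key]  # drop expired entries as they are seen
            return False
        return True

    def refresh(self, token):
        """Extend a still-valid token; an expired one needs a new login."""
        if not self.is_valid(token):
            raise PermissionError("token expired; authenticate again")
        self._expiry[self._key(token)] = self._clock() + self._ttl
```
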