0

Possible Duplicate:
Restful API authentication recommendation?

I'm writing an API in PHP and it opted to use Respect/REST.

This is not a public API, ie, only authorized client applications can consume there. And this is where I would like some idea of how to guarantee the security of information that the API handles. The client applications can be written in any language, but as I said, they should be allowed to use the API.

At the moment I'm writing a test client for this API using jQuery.rest.

My doubts are:

1) How to ensure that only authorized clients can access the API?

2) How to ensure that every request made to the API has been authorized client?

Improve this question
3
  • You need a token (or probably a different token for each client) and a handshake. Commented Nov 22, 2012 at 16:20
  • My concern is when a client JS, and this makes a request to the API using your token and a user that client copy that token and use in another application and this consumes my API as if it were an application authorized. Via SOAP token that would not be displayed in Firebug for example. How to avoid this? Commented Nov 22, 2012 at 16:57
  • Anything you do in JS by definition reveals the necessary access credentials to the user, no way around it. I'd suggest to use a different authentication mechanism there, most likely standard cookies and authorized sessions. Use the registered token method only for non-browser clients. Commented Nov 22, 2012 at 17:15

1 Answer 1

Reset to default
2

one of the most common approach its using oauth, but its not the only way.

Try to look resources at apigee they have useful free ebooks and webcast about api servers and authentication.

The first maybe will cover your doubts, the other are just to learn a little more about server API's

Also take a look at their videos and webcasts

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.