Monday, February 7, 2011

How do you set up an API key system for your website?

Let's say that I have a website with some information that could be accessed externally. That information needs to be changed only by the respective client. Example: Google Analytics or WordPress API key. How can I create a system that works like that (no matter the programming language)?

  • Simple:

    1. Generate a key for each user
    2. Deny access for each request without this key
    From rassie
  • A good way of generating a key would be to store a GUID (Globally Unique Identifier) on each user record in the database. GUID is going to be unique and almost impossible to guess.

    From digiguru
  • A number of smart people are working on a standard, and it's called OAuth. It already has a number of sample implementations, so it's pretty easy to get started.

    bryanpearson : Agreed. Pownce.com and many others have successfully implemented/produced OAuth, and it's the best way, IMO, to get the results you're after.
    Daok : The OAuth website explains the situation well. Thx for the solution.
    From Aeon
  • Currently, I use a concatenation of multiple MD5s with a salt. The MD5s are generated off of various concatenations of user data.

    From Ian P
  • Here is a document on API design.

    Daok : I give you 1 point, but the document is pretty beginner... Most things are simple coding concepts.
    From Gaurav
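
The two steps in the first answer (generate a key for each user, deny any request without it), as an added example that is not code from any of the posters. It assumes an `X-API-Key` request header and an in-memory dict in place of the user table, both hypothetical, and it draws the key from Python's `secrets` CSPRNG and stores only a SHA-256 digest of it rather than storing a GUID or an MD5 concatenation as the answers above do.

```python
import hashlib
import hmac
import secrets

# In-memory stand-in for the user table (constructed for this example):
# key_id -> (user, SHA-256 digest of the secret part). The raw key is never stored.
_KEYS = {}

def issue_key(user):
    """Step 1: generate a key for a user. Returns the full key, shown once."""
    key_id = secrets.token_hex(8)          # public lookup handle
    secret = secrets.token_urlsafe(32)     # 256 bits from the OS CSPRNG
    _KEYS[key_id] = (user, hashlib.sha256(secret.encode()).digest())
    return f"{key_id}.{secret}"

def authenticate(headers):
    """Step 2: return the owning user, or None if the request must be denied."""
    presented = headers.get("X-API-Key", "")   # header name is an assumption
    key_id, sep, secret = presented.partition(".")
    if not sep:
        return None                        # missing or malformed key
    record = _KEYS.get(key_id)
    if record is None:
        return None                        # unknown or revoked key
    user, stored = record
    digest = hashlib.sha256(secret.encode()).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return user if hmac.compare_digest(digest, stored) else None

def revoke_key(api_key):
    """Drop a key so later requests carrying it are denied."""
    _KEYS.pop(api_key.partition(".")[0], None)

def handle_update(headers, owner, new_value, store):
    """Only the client that owns a record may change it."""
    user = authenticate(headers)
    if user is None:
        return 401                         # no valid key
    if user != owner:
        return 403                         # valid key, but someone else's data
    store[owner] = new_value
    return 200
```

Because only the digest is kept, a leaked copy of the key table does not hand out usable keys, and revoking a key is a single delete.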
