token based authentication in php

误落风尘 2021-02-14 06:17

I have a REST service on my webserver, written in PHP. I was wondering, what would be the best authentication (besides basic HTTP access authentication). I've heard of token-

3 answers
  •  被撕碎了的回忆
    2021-02-14 06:50

    Here's a question about token-based authentication. I think the most common token-based authentication today is OAuth. But to answer your questions:

    On a GET: Is the token sent visible? (isn't that unsafe?)

    You can pass your tokens through HTTP headers so they are not so easily seen. OAuth allows this. Note that the tokens are still visible, they're just not in the GET query parameters.

    How do I make the token only valid for a specific time?

    Since you control (create) the tokens, you can set expiry dates for each token. On every request of your API, you should just check your token storage (e.g. database) if the given token is still valid. If it is not, then you can abort the request (maybe return an HTTP 401 error).
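
The header-based token and per-request expiry check described in the answer above, as an added PHP example that is not part of the original answer. The table `api_tokens` and the functions `issueToken` and `checkRequest` are hypothetical names, an in-memory SQLite database stands in for the token storage, and keeping only a SHA-256 hash of each token is a choice made for this example.

```php
<?php
declare(strict_types=1);

// Constructed token storage: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE api_tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires_at INTEGER)');

// Create a token valid for $ttl seconds. Only its SHA-256 hash is stored
// (assumption of this example), so a leaked table holds no usable tokens.
function issueToken(PDO $db, int $userId, int $ttl, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO api_tokens VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, $now + $ttl]);
    return $token;
}

// Read the token from the Authorization header and check it against storage.
// Returns [HTTP status, user id or null]. In a live script $headers would come
// from getallheaders() and $now from time().
function checkRequest(PDO $db, array $headers, int $now): array
{
    $auth = $headers['Authorization'] ?? '';
    if (!preg_match('/^Bearer ([0-9a-f]{64})$/', $auth, $m)) {
        return [401, null];                 // missing or malformed token
    }
    $stmt = $db->prepare('SELECT user_id, expires_at FROM api_tokens WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $m[1])]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['expires_at'] <= $now) {
        return [401, null];                 // unknown or expired token
    }
    return [200, (int)$row['user_id']];
}

// Constructed walk-through with a fixed clock instead of time().
$t0    = 1700000000;
$token = issueToken($db, 42, 3600, $t0);
$req   = ['Authorization' => 'Bearer ' . $token];

echo json_encode(checkRequest($db, $req, $t0 + 60)), "\n";    // inside the validity window
echo json_encode(checkRequest($db, $req, $t0 + 3601)), "\n";  // after expiry
echo json_encode(checkRequest($db, [], $t0 + 60)), "\n";      // no Authorization header
```

The same 401 is returned for unknown and expired tokens, so the response does not reveal which tokens once existed.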
