问题
Possible Duplicate:
Restful API authentication recommendation?
I'm writing an API in PHP and it opted to use Respect/REST.
This is not a public API, ie, only authorized client applications can consume there. And this is where I would like some idea of how to guarantee the security of information that the API handles. The client applications can be written in any language, but as I said, they should be allowed to use the API.
At the moment I'm writing a test client for this API using jQuery.rest.
My doubts are:
1) How to ensure that only authorized clients can access the API?
2) How to ensure that every request made to the API has been authorized client?
回答1:
one of the most common approach its using oauth, but its not the only way.
Try to look resources at apigee they have useful free ebooks and webcast about api servers and authentication.
- OAuth: The Big Picture
- Web api design
- Is your api naked?
- API Façade Pattern
The first maybe will cover your doubts, the other are just to learn a little more about server API's
Also take a look at their videos and webcasts
来源:https://stackoverflow.com/questions/13516622/php-rest-api-authorization-for-client-applications