Consuming wcfRest service from android/iphone

I need some good suggestions and ideas.

I have wcfRest service and the client is iPhone and Android. The client will GET and POST data.

I also made an API key which is a GUID, for the client.

BUT, do the client need to supply 开发者_运维知识库the api key with every method they request?? Or is there any way that I can store in the session or something??

for example:

json/getUserDetails/{userID}/{apikey}

json/saveUser/{apikey}

You could try checking out OAuth, that's the security method Twitter, Facebook, Google and others use. Since sending the API key to the server could lead you to someone getting it and doing stuff you might not like.

OAuth

An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications. It also works with mobile.

http://oauth.net/

Also check out the different languages http://oauth.net/code/

You'll have to send something on each request - whether it's the API key or an authenticated header, you need a way to authenticate the caller. So the easiest way would be to send the api key with each request, although using the header is a better idea.