Creating an Authentication framework for an API
I am looking into creating an Public API so that we can open up some functions to our clients to develop against. I am sure that there are some good frameworks out there, I am just not sure where to start looking.
There are 2 things that this framework would need to achieve.
The Ability to approve/deny developers against the API. This is achieved in some other web applications with an API Code or Key. We would want to track these and be able to disable them if the Application they developed violated our T&C. and re-enable them latter if appropriate.
The Ability to authenticate a user in 开发者_运维问答a secured way without the consumer of the API being able to collect the User-name and Password. I Think this is achieved using technologies like oAuth, but i haven't been able to find any scenarios to help me understand oAuth.
What Libraries/frameworks are available to achieve these things. (Open source or paid)
One simple solution is to sign the request. For exemple I use a payment gateway that force me to add a sha1 hash of the concatenation of some data + a key I define in the admin.
This makes theys API very secure and I don't have to use complicated APIs and lot of code. I like it very much :)
精彩评论