May 24, 2012, 12:01 #1
REST with authentication using OAuth/similar?
I am trying to grasp some concepts here. I have implemented a series of REST services - works great. However once exposed to the world (which they need to be to support clients like iPhone, etc) how/where do I verify the user is allowed to do so?
I want only authenticated clients to access the REST services (most of them anyway - a few are public). Should I use an API-KEY approach? OAuth? How does the REST server/services know whether a client making the request is indeed who they say they are? I want client ABC using an iPhone to only be able to update/delete/add records to their account so the REST server would need some way of looking up the API-KEY and matching that with a user ID.
Experiences, ideas, opinions?
Alex
The only constant in software is change itself
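An added example, not part of the original post: a sketch of the API-key option raised in the question, where the server maps a presented key to a user ID and lets that user change only records on their own account. The class and method names are hypothetical, the data is held in memory, and transport security (HTTPS) and OAuth are outside what it shows.

```python
import hashlib
import secrets

class Unauthorized(Exception):
    """No valid API key presented (maps to HTTP 401)."""

class Forbidden(Exception):
    """Authenticated, but the record is on another account (HTTP 403)."""

def _digest(api_key):
    # Store only a digest, so a leaked key table does not expose usable keys.
    return hashlib.sha256(api_key.encode()).hexdigest()

class RecordService:
    def __init__(self):
        self._key_owner = {}   # sha256(api_key) -> user_id
        self._records = {}     # record_id -> {"owner": user_id, "data": ...}
        self._next_id = 1

    def issue_key(self, user_id):
        api_key = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
        self._key_owner[_digest(api_key)] = user_id
        return api_key                         # handed to the client once

    def authenticate(self, api_key):
        user_id = self._key_owner.get(_digest(api_key or ""))
        if user_id is None:
            raise Unauthorized("missing or unknown API key")
        return user_id

    def _owned(self, api_key, record_id):
        user_id = self.authenticate(api_key)
        record = self._records.get(record_id)
        # Same error for "not yours" and "no such record", so ids do not leak.
        if record is None or record["owner"] != user_id:
            raise Forbidden("record not available to this account")
        return record

    def add(self, api_key, data):
        owner = self.authenticate(api_key)     # owner comes from the key, never the request body
        record_id, self._next_id = self._next_id, self._next_id + 1
        self._records[record_id] = {"owner": owner, "data": data}
        return record_id

    def update(self, api_key, record_id, data):
        self._owned(api_key, record_id)["data"] = data

    def delete(self, api_key, record_id):
        self._owned(api_key, record_id)
        del self._records[record_id]

    def public_count(self):
        return len(self._records)              # public endpoint: no key required
```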