Results 1 to 2 of 2
May 26, 2012, 04:09 #1
- Join Date
- Jun 2010
- 0 Post(s)
- 0 Thread(s)
Custom API Authentication problem
I am trying to create an API in Codeigniter, and I want the entire API to be private. What is the best way to authenticate each request?
Is GET passing a username and password good practice.. i.e. http://localhost/api/admin/12345/user/get_data/1
Here is my code, but at the moment I am just hardcoding the passwords, but need to figure out a way to dynamically pass them..
function ci_curl($new_name, $new_email)
$username = 'admin';
$password = '1234';
// Optional, delete this line if your API is open
'name' => $new_name,
'email' => $new_email
$result = json_decode($this->curl->execute());
if(isset($result->status) && $result->status == 'success')
echo 'User has been updated.';
echo 'Something has gone wrong';
May 26, 2012, 11:01 #2
- Join Date
- Aug 2008
- The Netherlands
- 119 Post(s)
- 2 Thread(s)
I wouldn't recommend sending a username and password in the GET request, as GET parameters are too sensitive, may be cached if there are caching servers in play (which not be now, but could be added later?)
Instead, I'd opt (and have used myself) for two-legged OAuth. A good example of how you can use that is over here: http://developer.yahoo.com/blogs/ydn...lient_example/
The advantage of OAuth is (among others) that credentials are not sent over the wire in plain sight (except for maybe the initial token request), and it's not possible to replay requests (i.e., take a request somebody else fired earlier and fire it again).
It's pretty much the de facto standard for APIs at this point.The 2013 SitePoint Awards - Nominate your heroes now!
Rémon - Hosting Advisor
Minimal Bookmarks Tree
My Google Chrome extension: browsing bookmarks made easy