How do you set up an API key system for your website?
-
09-06-2019 - |
Question
Let say that I have a website with some information that could be access externally. Those information need to be only change by the respected client. Example: Google Analytic or WordPress API key. How can I create a system that work like that (no matter the programming language)?
Solution
A number of smart people are working on a standard, and it's called OAuth. It already has a number of sample implementations, so it's pretty easy to get started.
OTHER TIPS
Here is a document on API design.
Simple:
- Generate a key for each user
- Deny access for each request without this key
Currently, I use a concatenation of multiple MD5s with a salt. The MD5s are generated off of various concatenations of user data.
A good way of generating a key would be to store a GUID (Globally Unique Identifier) on each user record n the database. GUID is going to be unique and almost impossible to guess.
There are also infrastructure services that manage all this for you like http://www.3scale.net (disclosure I work there), http://www.mashery.com and http://www.apigee.com/.