Question

I'm looking at building a simple web app that will expose an API that lets third-party (well, written by me, but that's not the point) apps query for and modify user-specific data stored on the site.

Obviously I don't want to allow apps to be able to get user-specific information without that user's consent. I would want some kind of application authentication where users allow an application they run to use the web API to access their information.

Is there a standard way to achieve this or does every app (i.e. rememberthemilk) just hack up a bespoke solution specifically for them?

Solution

Will OAuth work for you? That's the problem it was designed to solve.

OTHER TIPS

Also be careful to access your web service via HTTPS if the data is traversing the Internet. People take great pains to authenticate their web services, but then leave them vulnerable to network sniffing.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow