I’m in the middle of creating an API for our app and wanted to get
some feedback on the best way to generate unique APIKEYs for each
account. Similar to Basecamp’s API keys for example.

md5 hash of username:password? base64 encoding? random string of
characters?

I would use a completely random hex code. I would seriously avoid
hashing the username & password, that leaves all your users vulnerable
to a dictionary attack.
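
The random hex key suggested in the reply above, next to the credential-derived scheme from the question, as an added Ruby example that is not part of the original thread. The `ApiKeyStore` class, its in-memory hash, the 32-byte key length and the choice to store only a SHA-256 digest of each key are assumptions for illustration.

```ruby
require "securerandom"
require "digest"

# Scheme from the question, shown only for comparison: the key is a pure
# function of the credentials, so it cannot be rotated without a password
# change, and a leaked key lets password guesses be checked offline.
def credential_derived_key(username, password)
  Digest::MD5.hexdigest("#{username}:#{password}")
end

# Random key: 32 bytes from the OS CSPRNG, hex-encoded to 64 characters.
# It has no relationship to the username or password.
def generate_api_key
  SecureRandom.hex(32)
end

# Compare two strings without exiting early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical store: keeps only a SHA-256 digest of each key, so a dump of
# this table does not hand out usable keys. A fast hash is acceptable here
# because the key carries 256 bits of randomness, unlike a password.
class ApiKeyStore
  def initialize
    @digests = {} # account_id => hex digest of the current key
  end

  # Issues or rotates the key; the plaintext is returned once, never stored.
  def issue(account_id)
    key = generate_api_key
    @digests[account_id] = Digest::SHA256.hexdigest(key)
    key
  end

  def valid?(account_id, presented)
    stored = @digests[account_id]
    return false if stored.nil? || !presented.is_a?(String)
    secure_compare(stored, Digest::SHA256.hexdigest(presented))
  end
end
```

Calling `issue` again for the same account replaces the old key, which is how a leaked key is revoked without touching the account password.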