In a app RESTful, all api’s are public. How to leave a private API?
Validation throw username and password is a good idea, or maybe restrict
by
a source-request-ip that should be in the yaml config file?
2007/11/5, Marcelo J. [email protected]:
On Nov 5, 2007 7:50 AM, Marcelo J.
[email protected] wrote:
In a app RESTful, all api’s are public.
No they aren’t.
How to leave a private API?
Authentication. Either use HTTP AUTH or an API key mechanism.
Pat
I’m trying to implement an authenticated API as well (similar to
Highrise and other 37signals apps). We use restful_authenticated and
wanted to make something that hooks into the standard username/
password system we have. HTTP AUTH seems to be the best option, but
will something like OAuth work better? Or is OAuth something you add
on top of HTTP AUTH for a REST API? If anyone has done this…