REST API authentication strategies when using OpenID


What sort of mechanisms are people using to expose their APIs to people
they use OpenID?

On a recent project, I just generated an email + api key pair for each
account and I tell people to use that, then my authentication system
for that in lieu of openID credentials. I’d really be interested to see
what others are doing.