仅为我自己的移动应用程序创建API.我需要OAuth吗? [英] Creating an API only for my own mobile apps. Do I need OAuth?

问题描述

我将要创建支持现有Web应用程序的移动应用程序(iOS，Android，..)，现在正在考虑如何从我的网站向我们的移动应用程序提供安全的API(ASP.Net Web API).

I am about to create mobile applications (iOS, android, ..) to support existing web application and now thinking how to provide a secure API (ASP.Net Web API) from my web to our mobile apps.

OAuth似乎是最好的方法. 据我了解，它旨在启用针对我们的API编写的第三方应用程序.但是我只将Web服务仅用于自己的应用程序.

OAuth seems the best way to do it. From what I understand, it is designed to enable 3rd party applications written against our API. But I only use the web services just for my own apps.

我需要使用OAuth，还是有任何简单的方法?

Do I need to go with OAuth, or is there any simple way?

推荐答案

OAuth有2个分支版本，专门用于2方安全性.也就是说，您不需要使用OAuth. REST服务基本上只是HTTP服务，因此您可以使用任何喜欢的HTTP身份验证，即使基本身份验证也可以正常工作.只需记住使用HTTPS来保护您的在线密码即可.

There is a 2 legged version of OAuth that is designed for 2 party security. That said you don't need to use OAuth. A REST service is basically just an HTTP service so you can use any HTTP authentication you like, even basic authentication will work just fine. Just remember to use HTTPS to protect your passwords on the wire.

这篇关于仅为我自己的移动应用程序创建API.我需要OAuth吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！