REST API键生成策略 [英] REST API key generation strategy
问题描述
我需要使用JAX-RS的标准,这意味着可以从移动客户端以及一些设备的消耗来实现。对于我的REST API提供授权和认证。我有一个唯一的设备标识多个设备可以张贴一些数据。移动客户端只是使用GET请求来显示数据。我更关心的POST部分,在这里我想客户端进行身份验证。另外,我想保持简单。我想到的是使用通过HTTPS一个简单的HTTP基本授权的,具有API密钥。我的问题是我怎么产生这个API密钥?
I need to provide authorization and authentication for my REST APIs implemented using JAX-RS standard, which are meant to be consumed from mobile clients and some devices. I have multiple devices with unique device identification which can POST some data. Mobile clients are just using GET requests to display that data. I am more concerned about the POST part, where I want to authenticate the clients. Also, I would like to keep it simple. I am thinking of using a simple HTTP basic authorization over HTTPS, with an API key. My question is how do I generate this API key?
推荐答案
研究发现,清除我的疑问API密钥的生成和使用它们验证了一些不错的文章:
Found some nice articles that cleared my doubt about the generation of API keys and using them for authentication:
http://restcookbook.com/Basics/loggingin/
http://www.smartjava.org/content/protect -rest服务 - 使用-HMAC-播放20
这篇关于REST API键生成策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!