基于REST的API密钥的建议 [英] RESTful API keys suggestions
问题描述
我正在寻找关于一个RESTful API设计的建议。我读过很多关于REST API的计划,认证/授权方式等什么我不能决定是,如果我真的需要使用API密钥。从如果要监视的使用情况,限制每个应用程序的请求和统计数据据我所知使用的API密钥是非常有用的。
I'm looking for suggestions about a RESTful API design. I've read a lot about REST API schemes, ways of authentication/authorization etc. What I can't decide is if I really need to use API keys. From what I understand using API keys is useful if you want to monitor the usage, limit each application's requests and for statistical data.
我想避免是不得不添加/管理/删除应用程序,并添加/删除应用程序管理员创建额外的网络接口。也许有做API密钥分发简单的方法。或者我真的需要那些?我的意思是,监控和限制使用是冷静和声音有用的,但它是值得其他的事情我需要为键分布。
What I want to avoid is having to create additional web interfaces for adding/managing/removing applications and adding/removing application administrators. Maybe there's a simpler way to do the API key distribution. Or do I really need those? I mean, monitoring and limiting the usage is cool and sounds useful but does it deserve the other things I need to make for keys distribution.
要更具体的我的网站是一样的东西SlideShare上和scribd。我想给它的功能,API访问如添加和管理文档和获取有关用户的信息。因此,例如,上传文件,你需要以某种方式验证和使用特定帐户做到这一点。在这种情况下是一个API密钥的要求或者我可以只坚持与用户身份验证?
To be more specific my website is something like slideshare and scribd. I want to give API access to its functions like adding and managing documents and getting information about users. So for example to upload a file you need to somehow authenticate and use a specific account to do it. In this case is an API key a requirement or I can just stick with authenticating users?
那你认为什么是我处理API密钥的最好方法?或者我应该在所有使用它们?有没有更聪明的方法来分配(创建,删除)键?
So what do you think is the best way for me to handle API keys? Or should I use them at all? Is there a more clever way to distribute (create, remove) the keys?
在此先感谢:)
推荐答案
以及你知道mashery HTTP:// WWW。 mashery.com/ 并programmableweb?
well do you know mashery http://www.mashery.com/ and programmableweb?
也许有一些有用的ressources
http://www.mashery.com/solution/collegeboard
maybe there are some useful ressources http://www.mashery.com/solution/collegeboard
我会用统计和限制API密钥,也没有一个像谷歌API密钥用于某些服务不
i would use api keys for statistics and limitation but also serve some services without an api key like google does
您可以轻松地创建像解决方案的API
结果
Restler http://luracast.com/products/restler/
结果Frapi http://getfrapi.com/ 结果
该Datatank http://thedatatank.com/ 结果
服务(只为Drupal) http://drupal.org/project/services
You can create easily APIs with solutions like
Restler http://luracast.com/products/restler/
Frapi http://getfrapi.com/
The Datatank http://thedatatank.com/
Services (just for Drupal) http://drupal.org/project/services
有一些:的http://blog.programmableweb.com/2011/09/23/short-list-of-restful-api-frameworks-for-php/
这篇关于基于REST的API密钥的建议的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!