REST API 密钥生成策略 [英] REST API key generation strategy
问题描述
我需要为使用 JAX-RS 标准实现的 REST API 提供授权和身份验证,这些 API 旨在从移动客户端和某些设备使用.我有多个具有唯一设备标识的设备,可以发布一些数据.移动客户端只是使用 GET 请求来显示该数据.我更关心 POST 部分,我想在这里对客户端进行身份验证.另外,我想保持简单.我正在考虑通过 HTTPS 使用简单的 HTTP 基本授权和 API 密钥.我的问题是如何生成此 API 密钥?
I need to provide authorization and authentication for my REST APIs implemented using JAX-RS standard, which are meant to be consumed from mobile clients and some devices. I have multiple devices with unique device identification which can POST some data. Mobile clients are just using GET requests to display that data. I am more concerned about the POST part, where I want to authenticate the clients. Also, I would like to keep it simple. I am thinking of using a simple HTTP basic authorization over HTTPS, with an API key. My question is how do I generate this API key?
推荐答案
发现一些不错的文章,消除了我对 API 密钥生成和使用它们进行身份验证的疑问:
Found some nice articles that cleared my doubt about the generation of API keys and using them for authentication:
http://restcookbook.com/Basics/loggingin/http://www.smartjava.org/content/protect-rest-service-using-hmac-play-20
这篇关于REST API 密钥生成策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!