REST API 密钥生成策略 [英] REST API key generation strategy

问题描述

我需要为使用 JAX-RS 标准实现的 REST API 提供授权和身份验证，这些 API 旨在从移动客户端和某些设备使用.我有多个具有唯一设备标识的设备，可以发布一些数据.移动客户端只是使用 GET 请求来显示该数据.我更关心 POST 部分，我想在这里对客户端进行身份验证.另外，我想保持简单.我正在考虑通过 HTTPS 使用简单的 HTTP 基本授权和 API 密钥.我的问题是如何生成此 API 密钥?

I need to provide authorization and authentication for my REST APIs implemented using JAX-RS standard, which are meant to be consumed from mobile clients and some devices. I have multiple devices with unique device identification which can POST some data. Mobile clients are just using GET requests to display that data. I am more concerned about the POST part, where I want to authenticate the clients. Also, I would like to keep it simple. I am thinking of using a simple HTTP basic authorization over HTTPS, with an API key. My question is how do I generate this API key?

推荐答案

发现一些不错的文章，消除了我对 API 密钥生成和使用它们进行身份验证的疑问:

Found some nice articles that cleared my doubt about the generation of API keys and using them for authentication:

http://restcookbook.com/Basics/loggingin/http://www.smartjava.org/content/protect-rest-service-using-hmac-play-20

这篇关于REST API 密钥生成策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！