RESTful API 密钥建议 [英] RESTful API keys suggestions
问题描述
我正在寻找有关 RESTful API 设计的建议.我已经阅读了很多关于 REST API 方案、身份验证/授权等的方法.我无法决定是否真的需要使用 API 密钥.据我了解,如果您想监控使用情况、限制每个应用程序的请求和统计数据,使用 API 密钥很有用.
I'm looking for suggestions about a RESTful API design. I've read a lot about REST API schemes, ways of authentication/authorization etc. What I can't decide is if I really need to use API keys. From what I understand using API keys is useful if you want to monitor the usage, limit each application's requests and for statistical data.
我想避免的是必须创建额外的 Web 界面来添加/管理/删除应用程序和添加/删除应用程序管理员.也许有一种更简单的方法来进行 API 密钥分发.还是我真的需要那些?我的意思是,监控和限制使用很酷,听起来很有用,但它是否值得我为密钥分发做其他事情.
What I want to avoid is having to create additional web interfaces for adding/managing/removing applications and adding/removing application administrators. Maybe there's a simpler way to do the API key distribution. Or do I really need those? I mean, monitoring and limiting the usage is cool and sounds useful but does it deserve the other things I need to make for keys distribution.
更具体地说,我的网站类似于 slideshare 和 scribd.我想让 API 访问其功能,例如添加和管理文档以及获取有关用户的信息.因此,例如要上传文件,您需要以某种方式进行身份验证并使用特定帐户来执行此操作.在这种情况下,是否需要 API 密钥,还是我可以坚持对用户进行身份验证?
To be more specific my website is something like slideshare and scribd. I want to give API access to its functions like adding and managing documents and getting information about users. So for example to upload a file you need to somehow authenticate and use a specific account to do it. In this case is an API key a requirement or I can just stick with authenticating users?
那么您认为我处理 API 密钥的最佳方式是什么?还是我应该使用它们?有没有更聪明的方法来分发(创建、删除)密钥?
So what do you think is the best way for me to handle API keys? Or should I use them at all? Is there a more clever way to distribute (create, remove) the keys?
提前致谢:)
推荐答案
你知道 mashery http://www.mashery.com/ 和可编程网络?
well do you know mashery http://www.mashery.com/ and programmableweb?
也许有一些有用的资源http://www.mashery.com/solution/collegeboard
我会使用 api 密钥进行统计和限制,但也会像谷歌那样提供一些没有 api 密钥的服务
i would use api keys for statistics and limitation but also serve some services without an api key like google does
您可以使用以下解决方案轻松创建 API
Restler http://luracast.com/products/restler/
Frapi http://getfrapi.com/
Datatank http://thedatatank.com/
服务(仅适用于 Drupal)http://drupal.org/project/services
You can create easily APIs with solutions like
Restler http://luracast.com/products/restler/
Frapi http://getfrapi.com/
The Datatank http://thedatatank.com/
Services (just for Drupal) http://drupal.org/project/services
还有一些:http://blog.programmableweb.com/2011/09/23/short-list-of-restful-api-frameworks-for-php/
这篇关于RESTful API 密钥建议的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!