RESTful API 密钥建议 [英] RESTful API keys suggestions

问题描述

我正在寻找有关 RESTful API 设计的建议.我已经阅读了很多关于 REST API 方案、身份验证/授权等的方法.我无法决定是否真的需要使用 API 密钥.据我了解，如果您想监控使用情况、限制每个应用程序的请求和统计数据，使用 API 密钥很有用.

I'm looking for suggestions about a RESTful API design. I've read a lot about REST API schemes, ways of authentication/authorization etc. What I can't decide is if I really need to use API keys. From what I understand using API keys is useful if you want to monitor the usage, limit each application's requests and for statistical data.

我想避免的是必须创建额外的 Web 界面来添加/管理/删除应用程序和添加/删除应用程序管理员.也许有一种更简单的方法来进行 API 密钥分发.还是我真的需要那些?我的意思是，监控和限制使用很酷，听起来很有用，但它是否值得我为密钥分发做其他事情.

What I want to avoid is having to create additional web interfaces for adding/managing/removing applications and adding/removing application administrators. Maybe there's a simpler way to do the API key distribution. Or do I really need those? I mean, monitoring and limiting the usage is cool and sounds useful but does it deserve the other things I need to make for keys distribution.

更具体地说，我的网站类似于 slideshare 和 scribd.我想让 API 访问其功能，例如添加和管理文档以及获取有关用户的信息.因此，例如要上传文件，您需要以某种方式进行身份验证并使用特定帐户来执行此操作.在这种情况下，是否需要 API 密钥，还是我可以坚持对用户进行身份验证?

To be more specific my website is something like slideshare and scribd. I want to give API access to its functions like adding and managing documents and getting information about users. So for example to upload a file you need to somehow authenticate and use a specific account to do it. In this case is an API key a requirement or I can just stick with authenticating users?

那么您认为我处理 API 密钥的最佳方式是什么?还是我应该使用它们?有没有更聪明的方法来分发(创建、删除)密钥?

So what do you think is the best way for me to handle API keys? Or should I use them at all? Is there a more clever way to distribute (create, remove) the keys?

提前致谢:)

推荐答案

你知道 mashery http://www.mashery.com/ 和可编程网络?

well do you know mashery http://www.mashery.com/ and programmableweb?

也许有一些有用的资源http://www.mashery.com/solution/collegeboard

和http://www.3scale.net/

我会使用 api 密钥进行统计和限制，但也会像谷歌那样提供一些没有 api 密钥的服务

i would use api keys for statistics and limitation but also serve some services without an api key like google does

您可以使用以下解决方案轻松创建 API
Restler http://luracast.com/products/restler/
Frapi http://getfrapi.com/
Datatank http://thedatatank.com/
服务(仅适用于 Drupal)http://drupal.org/project/services

You can create easily APIs with solutions like
Restler http://luracast.com/products/restler/
Frapi http://getfrapi.com/
The Datatank http://thedatatank.com/
Services (just for Drupal) http://drupal.org/project/services

还有一些:http://blog.programmableweb.com/2011/09/23/short-list-of-restful-api-frameworks-for-php/

这篇关于RESTful API 密钥建议的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！