Some hint to program a webservice "by subscription"

Posted by Eagle on Programmers See other posts from Programmers or by Eagle
Published on 2013-10-18T13:45:23Z Indexed on 2013/10/18 16:12 UTC
Read the original article Hit count: 209

Filed under:
|

I have some web sites programmed, I know to do it with python and PHP basically. Normally they are simple web sites, but now I want to provide REST web services but only for allowed users (allowed by me).

I saw that a lot of services uses the "KEY" and "SECRET_KEY" concepts, which seems to be what I need (if I understand it right).

My suppositions are:

  1. If I only do a GET service to retrieve, e.g., all my clients, without anymore, anyone can retrieve my clients without limitations.
  2. I will need some KEY generator to provide keys for my allowed users, so they can use my webservices.
  3. Only with a KEY is not enough: someone can steal a KEY and supplant my user (and this is the reason because exists a SECRET_KEY, right?).

If all this is right, how can I make/use a system like that in my web services? Some open source example?

Or maybe there are another easy solutions I'm not considering?

My objective is to allow some users to use my web services.

© Programmers or respective owner

Related posts about security

Related posts about web-services