Search the Community
Showing results for tags 'key'.
Hi I have a question about API keys and security. I am building a mobile app (learning) and will be using a PHP/MySQL JSON Rest API (designed myself) and I am new to APIs in general so some best practices would be appreciated if you have any? My real question is to do with securing these APIs. For example I was thinking of using user name and password that the user logs into the application with to be send over HTTPS for each request to validate the user is authorised and authenticated. However I have read that I should also be using API keys, so how would I integrate this in? Would each user have their own unique API key or would each system that uses this API have a unique key? If its each user that has their own key would I send all three pieces of data with the request (API Key, username and password). Any advice would be great. Thanks