mds1256 Posted December 21, 2016 Share Posted December 21, 2016 Hi I have a question about API keys and security. I am building a mobile app (learning) and will be using a PHP/MySQL JSON Rest API (designed myself) and I am new to APIs in general so some best practices would be appreciated if you have any? My real question is to do with securing these APIs. For example I was thinking of using user name and password that the user logs into the application with to be send over HTTPS for each request to validate the user is authorised and authenticated. However I have read that I should also be using API keys, so how would I integrate this in? Would each user have their own unique API key or would each system that uses this API have a unique key? If its each user that has their own key would I send all three pieces of data with the request (API Key, username and password). Any advice would be great. Thanks Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.