I'm currently building an API for a very busy internet website. It's being written in PHP with MySQL. Now this is my first API that I'm writing that allows people to access their account remotely. Once the API is online, developers will be able to write their own tools from it.
Now I have the API working, but I'm not sure if it's entirely safe.
An example URL that would work is: http://domain.com/api.php?api_option=list&api_user_name=USERNAME&api_user_password=PASSWORD
USERNAME: would be the user's actual username
PASSWORD: would be the MD5 encoded string of their actual password.
If the details match, a result is returned; if not, an error.
All external $_GET inputs get the mysql_real_escape_string() treatment.
I wanted to keep things simple, but I'm not sure if this way is a SAFE way of having a public API that taps directly into users accounts data.
Ideas and suggestions are much appreciated.
There are many great frameworks that can help you build REST APIs quickly. Laravel/Lumen and Symfony's API platform are the most often used examples in the PHP ecosystem. They provide great tools to process requests and generate JSON responses with the correct HTTP status codes.
Use HTTPS/TLS for REST APIs. As one of the most critical practices, every API should implement HTTPS for integrity, confidentiality, and authenticity. In addition, security teams should consider using mutually authenticated client-side certificates that provide extra protection for sensitive data and services.
Please, for the love of the Internet, DO NOT DO THIS. I implore you to put the time into implementing OAuth for your API. Please. Please please please.
Take a look at this: http://toys.lerdorf.com/archives/55-Writing-an-OAuth-Provider-Service.html
Do not use a password for API clearance, even if it is encoded, especially if it is encoded in MD5. Furthermore, I would not use the user's username either. Let the user generate a key. You are giving someone the ability to know 50% of what they need to know to access a user's account, and there are a lot of sites where you can reverse an MD5 hash and find a password match. A key is certainly the best way to go, so a developer could regenerate it further down the road for security purposes. Always think of security.
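Added example, not code from the question or from any of the answers above: a minimal PHP sketch of what the HTTPS answer and the "let the user generate a key" answer look like together. It replaces username + MD5(password) in the query string with a per-user API key that the user can regenerate, stores only a hash of the key, reads it from the Authorization header instead of the URL, and uses PDO prepared statements instead of mysql_real_escape_string(). The $pdo connection, the api_keys table (user_id, key_id, key_hash, created_at, revoked_at) and the function names are all assumptions made for this example.

```php
<?php
// Example code added for illustration; not from the original question or answers.
// Assumes an existing PDO connection $pdo and a table
//   api_keys(user_id, key_id, key_hash, created_at, revoked_at)
// Both the connection and the schema are assumptions for this example.
declare(strict_types=1);

// Issue a new key for a user. Only a hash is stored; the plaintext key is
// returned once so the user can copy it, and it can be revoked and reissued
// later without touching the account password.
function issueApiKey(PDO $pdo, int $userId): string
{
    $keyId  = bin2hex(random_bytes(8));   // public identifier, safe to log
    $secret = bin2hex(random_bytes(32));  // 256 bits of entropy, never logged
    $stmt = $pdo->prepare(
        'INSERT INTO api_keys (user_id, key_id, key_hash, created_at) VALUES (?, ?, ?, NOW())'
    );
    $stmt->execute([$userId, $keyId, hash('sha256', $secret)]);
    return $keyId . '.' . $secret;        // hand this to the user exactly once
}

// Revoke every active key for a user, e.g. when the developer wants a fresh one.
function revokeApiKeys(PDO $pdo, int $userId): void
{
    $stmt = $pdo->prepare(
        'UPDATE api_keys SET revoked_at = NOW() WHERE user_id = ? AND revoked_at IS NULL'
    );
    $stmt->execute([$userId]);
}

// Resolve a presented key to its owning user id, or null if it is invalid.
// The prepared statement does the escaping; hash_equals() keeps the comparison
// constant-time so timing does not reveal how much of the secret matched.
function authenticateApiKey(PDO $pdo, string $presented): ?int
{
    $parts = explode('.', $presented, 2);
    if (count($parts) !== 2 || !ctype_xdigit($parts[0]) || !ctype_xdigit($parts[1])) {
        return null;
    }
    [$keyId, $secret] = $parts;
    $stmt = $pdo->prepare(
        'SELECT user_id, key_hash FROM api_keys WHERE key_id = ? AND revoked_at IS NULL'
    );
    $stmt->execute([$keyId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        hash('sha256', $secret);          // keep cost similar for unknown key ids
        return null;
    }
    return hash_equals($row['key_hash'], hash('sha256', $secret))
        ? (int) $row['user_id']
        : null;
}

// Request entry point: refuse plain HTTP and take the key from a header, not
// the query string, so it does not end up in access logs or browser history.
function handleRequest(PDO $pdo): void
{
    header('Content-Type: application/json');
    $https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
        || (int) ($_SERVER['SERVER_PORT'] ?? 0) === 443;
    if (!$https) {
        http_response_code(403);
        echo json_encode(['error' => 'HTTPS required']);
        return;
    }
    $auth = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
    if (!preg_match('/^Bearer\s+(\S+)$/', $auth, $m)) {
        http_response_code(401);
        header('WWW-Authenticate: Bearer');
        echo json_encode(['error' => 'missing API key']);
        return;
    }
    $userId = authenticateApiKey($pdo, $m[1]);
    if ($userId === null) {
        http_response_code(401);
        echo json_encode(['error' => 'invalid API key']);
        return;
    }
    // Authenticated: serve the requested api_option for $userId from here.
    echo json_encode(['user_id' => $userId, 'api_option' => $_GET['api_option'] ?? 'list']);
}
```

A client would then call https://domain.com/api.php?api_option=list with the header Authorization: Bearer KEYID.SECRET. If the application sits behind a TLS-terminating proxy, the $_SERVER['HTTPS'] check needs to be replaced with whatever header that proxy sets (for example X-Forwarded-Proto), restricted to requests actually coming from the proxy.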