Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Web API creating API keys

I'm interested in creating API keys for web.api and allowing clients to communicate with API using the API keys rather than authorization web.api provides.

I want multiple clients to be able to communicate with the web.api. instead of creating username and password, can I use an api key, and allow clients to communicate with client.

Is there such built-in functionality?

if one wants to implement it, how would you go around it?

like image 618
DarthVader Avatar asked Aug 06 '12 14:08

DarthVader


People also ask

How do I add API key TO REST API?

Creating a REST API Key 1. From the Configuration console, click Configure > Security Controls > API Keys. 2. Select the relevant group created for REST API from the Key Groups section.

What is API key in Web API?

The API key is a unique identifier that authenticates requests associated with your project for usage and billing purposes. You must have at least one API key associated with your project.

Where is my web API key?

Go to the Google Maps Platform > Credentials page. On the Credentials page, click Create credentials > API key. The API key created dialog displays your newly created API key.


1 Answers

You are able to achieve by using HMAC Authentication. Basically, there might be a database table called ApiKey (apiKey, secretKey). Each client has each Apikey and secret Key:

  1. ApiKey is like a public key and will be sent over HTTP (similar with username).

  2. Secret Key is not sent over HTTP, use this secret key to do hmac some information and send hashed output to the server. From server side, based on the public key, you can get the relevent secret key and hash information to compare with hash output.

I have posted the detailed answer at: How to secure an ASP.NET Web API

You can change Username by ApiKey and Hashed Password by secret key on my answer to map with your idea.

like image 177
cuongle Avatar answered Oct 04 '22 00:10

cuongle