Menu
I'm interested in creating API keys for web.api and allowing clients to communicate with API using the API keys rather than authorization web.api provides.
I want multiple clients to be able to communicate with the web.api. instead of creating username and password, can I use an api key, and allow clients to communicate with client.
Is there such built-in functionality?
if one wants to implement it, how would you go around it?
618
Creating a REST API Key 1. From the Configuration console, click Configure > Security Controls > API Keys. 2. Select the relevant group created for REST API from the Key Groups section.
The API key is a unique identifier that authenticates requests associated with your project for usage and billing purposes. You must have at least one API key associated with your project.
Go to the Google Maps Platform > Credentials page. On the Credentials page, click Create credentials > API key. The API key created dialog displays your newly created API key.
You are able to achieve by using HMAC Authentication. Basically, there might be a database table called ApiKey (apiKey, secretKey). Each client has each Apikey and secret Key:
ApiKey is like a public key and will be sent over HTTP (similar with username).
Secret Key is not sent over HTTP, use this secret key to do hmac some information and send hashed output to the server. From server side, based on the public key, you can get the relevent secret key and hash information to compare with hash output.
I have posted the detailed answer at: How to secure an ASP.NET Web API
You can change Username by ApiKey and Hashed Password by secret key on my answer to map with your idea.
177
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
