I'm building a Web API that will require a developer or API key for access. Is it better to require the API key be in the querystring or in the request headers?
ASP.NET Web API 4
Asked
Active
Viewed 439 times
2
-
http://stackoverflow.com/q/9829427/1157215 This guy wrote an entire blog entry on the subject Check it out. – Ccorock Sep 19 '12 at 01:07
2 Answers
1
In general I think a request header is optimal, but if you're planning to have your API called from a browser you should use a request parameter: it is often harder to do request headers from browser code than from server side code.
Femi
- 64,273
- 8
- 118
- 148
1
In my opinion is cleaner to use HTTP headers for this. It allows you to keep the url only for identifying the resource to access while you use headers for protocol and access control.
Claudio Redi
- 67,454
- 15
- 130
- 155