Securing API requests

Asked Nov 03 '16 at 20:29

Active Nov 03 '16 at 20:32

Viewed 39 times

I'm creating my first API in PHP for a demo, so it's not going to be used in real world. As a part of my demo I need user registration and authorization. As this is a demo I don't need much security but I don't want just to pass the users credentials in the request url either.

I like the solution suggested in the answer to this question Building Secure Public API with PHP/MYSQL. But it's unclear how we should pass the password to the server when the user is registering for the first time and what we should store on the server (e.g. the password itself?)

Also if anyone could just suggest anything else, I'd appreciate it. I'm completely new to this and a little confused after having read a lot of articles on the topic for the last few days.

edited May 23 '17 at 12:19

Community

asked Nov 03 '16 at 20:29

user3829451

1

Heads-Up, don't use HTTP (!) when sending user/pasword. Always HTTPS! – Roger Nov 03 '16 at 20:32
Have a look here: http://php.net/manual/en/book.oauth.php – Roger Nov 03 '16 at 20:34
Use an API key and only use HTTPS for communications. Username and password aren't something you want to use over an API. – tadman Nov 03 '16 at 20:44

Securing API requests

0 Answers0