API key authentication and user authentication best pratice

Question

Can someone guide me on the best practice for this situation;

I have a REST service which developers can access with an API KEY. (I have this working in the WCF WEB API), so this part is done.

I would like developers to be able to validate a USER. i.e. use REST to check the username and password entered by a user.

Each of the end point methods only needs API KEY authentication, rather than basic authentication on the method call (if you see what I mean).

How should I best implement this?

Phil.

score 0 · Accepted Answer · edited May 23 '17 at 12:21

0

To securely send password data to a RESTful service you will need to secure communications across http. There are loads of ways to do this, see this post here: How to secure RESTful web services?

edited May 23 '17 at 12:21

Community

1
1

answered Jan 08 '12 at 12:08

tom redfern

30,562
14
91
126

API key authentication and user authentication best pratice

1 Answers1