Hi Matt,

As I open the site up for developers to write external apps for, I'm
thinking I want to log both the developer's API key, as well as make
them register each 'app' they create.

1. Developer creates account on details.at
2. Developer applies for API Key
3. Upon approval, developer registers his/her first app and gets an 'appID'.
4. Developer has both API Key and app ID.
5. When making requests via API, they need to include both API Key and appID.
6. AppID and API Key are basically userID and password for the
application to access our site.

This way, I could set permissions/security levels for the apps. For
instance, I could allow someone to develop an APP that's read only.
Their registered app would have an AppID, and we could programmatically
limit them to functions that only get data, but they can't post
anything.  Any functions that write data would have a simple security
check that queries the permissions of the app making the request.

Does this seem logical?




On Mon, Aug 13, 2012 at 10:48 AM, Matthew Woodward
<[email protected]> wrote:
> On Mon, Aug 13, 2012 at 8:42 AM, Jason Allen <[email protected]> wrote:
>>
>> 1. Has anybody written an API before and do you have any standards/guides
>> I could read?
>
>
> Check the "biggies" like Twitter, Netflix, etc. to get some good ideas about
> creating good REST APIs.
>
> This is the seminal paper about REST:
> http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
>
> And I haven't read it but I've heard good things about this book:
> http://shop.oreilly.com/product/0636920021575.do
>
>>
>>
>> 2. What's a good way to manage API keys?  Should each user get their own
>> API key?
>
>
> Yes.
>
> --
> Matthew Woodward
> [email protected]
> http://blog.mattwoodward.com
> identi.ca / Twitter: @mpwoodward
>
> Please do not send me proprietary file formats such as Word, PowerPoint,
> etc. as attachments.
> http://www.gnu.org/philosophy/no-word-attachments.html
>
> --
> online documentation: http://openbd.org/manual/
> http://groups.google.com/group/openbd?hl=en
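
Added example, not part of the original thread or of OpenBD: a Python model of the scheme outlined in the first message, with one API key per developer, one appID per registered app, and a permission check that write functions call. The names `Registry`, `authorize` and `post_item`, and the choice to store only a SHA-256 hash of each key, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

READ, WRITE = "read", "write"   # hypothetical permission names


def _digest(api_key):
    # Keep only a hash, so a leaked key table does not hand out usable keys.
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


class Registry:
    def __init__(self):
        self.dev_key_hash = {}   # developer -> SHA-256 hex digest of their API key
        self.apps = {}           # appID -> (owning developer, frozenset of permissions)

    def issue_api_key(self, developer):
        # Step 2: an approved developer receives a random key, shown to them once.
        api_key = secrets.token_urlsafe(32)
        self.dev_key_hash[developer] = _digest(api_key)
        return api_key

    def register_app(self, developer, permissions):
        # Step 3: each app gets its own ID and its own permission set.
        if developer not in self.dev_key_hash:
            raise KeyError("developer has no approved API key")
        app_id = secrets.token_hex(8)
        self.apps[app_id] = (developer, frozenset(permissions))
        return app_id

    def authorize(self, api_key, app_id, needed):
        # True only if the key belongs to the app's owner and the app holds `needed`.
        developer, permissions = self.apps.get(app_id, (None, frozenset()))
        expected = self.dev_key_hash.get(developer, _digest(""))
        # Constant-time comparison; an unknown appID still goes through the compare.
        key_ok = hmac.compare_digest(_digest(api_key or ""), expected)
        return developer is not None and key_ok and needed in permissions


def post_item(registry, api_key, app_id, item, store):
    # A write function: run the permission check before changing any data.
    if not registry.authorize(api_key, app_id, WRITE):
        return 403
    store.append(item)
    return 201
```

Because `authorize` resolves the owner from the appID and compares against that owner's key, a valid key from one developer paired with another developer's appID is rejected.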
