
How to communicate between two web applications securely using an API?

I have a main website (which contains all the data) and multiple client websites which fetch data from the main website. Each client website has access to a different set of data on the main website. I want to create a PHP-based web API for this. This is my first API, so I am not sure what the best and most secure way to do this is.

After some googling I found OAuth to be the most common authentication method for APIs. However, in my case I want the client website to be configured once and then the communication should be automatic, i.e. communication should take place in the background without any user interference. Is OAuth required for this scenario?

Or is there any other method I can implement here?

OAuth is way too complicated to implement for your needs.

If you are using REST, I suggest using basic auth in the header and using SSL so that your communication is encrypted.

You could make a small SecurityFilter that checks, for any request with a URL pattern /api/, that the basic auth is correct and that it uses SSL...

It really depends on how you are exposing your API.

If you are using REST, HTTP Basic Auth over HTTPS is sufficient. I see a lot of people try to implement their own solutions when the provided approach is quite sufficient.

If you are using SOAP, there is a SOAP-based approach you could use: WS-Security (which is just a standard using anything from SAML assertions to OAuth tokens).

If passing Basic Auth credentials over HTTPS is too "open" for you, in that the credentials are saved in config on the client server somewhere, OAuth2 is probably the best solution. Doing OAuth on the server side wouldn't require any user interaction. You just store your tokens in a server config and let the OAuth library take care of the rest. PHP has a library for this: PHP OAuth Library. There are plenty of OAuth2 libraries for PHP. Just Google it.
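The basic-auth-over-HTTPS filter that both answers describe, written out as an added example (not code from the question or either answer). It assumes PHP populates PHP_AUTH_USER/PHP_AUTH_PW from the Authorization header, stores each client's secret as a password_hash() value rather than in plain text, and uses constructed client ids, secrets and data sets:

```php
<?php
// Added example, not code from the question or answers: a small PHP
// "security filter" for /api/ routes that requires HTTPS, checks HTTP Basic
// credentials against a per-client stored password hash, and returns the
// data set that client may read. Ids, secrets and data sets are constructed.
declare(strict_types=1);
// Client registry. In production only the hash is stored (produced by
// password_hash() when the client was configured); the plain secrets are
// here only so the example runs stand-alone.
$clients = [
    'client-a' => ['hash' => password_hash('client-a-secret', PASSWORD_DEFAULT),
                   'dataset' => 'orders'],
    'client-b' => ['hash' => password_hash('client-b-secret', PASSWORD_DEFAULT),
                   'dataset' => 'inventory'],
];
// Verified against for unknown ids so known and unknown ids take the same time.
$dummyHash = password_hash('dummy', PASSWORD_DEFAULT);

// $server is $_SERVER (or a constructed stand-in); returns status plus data.
function apiAuthFilter(array $server, array $clients, string $dummyHash): array
{
    $path = (string) (parse_url($server['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?? '/');
    if (strncmp($path, '/api/', 5) !== 0) {
        return ['status' => 404];                       // not an API route
    }
    // Refuse plain HTTP so credentials never travel in clear text.
    if (empty($server['HTTPS']) || $server['HTTPS'] === 'off') {
        return ['status' => 403, 'body' => 'HTTPS required'];
    }
    // PHP fills these from "Authorization: Basic ..." (some CGI setups need
    // HTTP_AUTHORIZATION decoded by hand instead).
    $user  = (string) ($server['PHP_AUTH_USER'] ?? '');
    $pw    = (string) ($server['PHP_AUTH_PW'] ?? '');
    $known = isset($clients[$user]);
    if (!(password_verify($pw, $known ? $clients[$user]['hash'] : $dummyHash) && $known)) {
        return ['status' => 401, 'headers' => ['WWW-Authenticate: Basic realm="api"']];
    }
    // Authorisation: a client only ever receives its own data set.
    return ['status' => 200, 'client' => $user, 'dataset' => $clients[$user]['dataset']];
}
// Constructed requests standing in for $_SERVER.
$good  = apiAuthFilter(['REQUEST_URI' => '/api/data', 'HTTPS' => 'on',
    'PHP_AUTH_USER' => 'client-a', 'PHP_AUTH_PW' => 'client-a-secret'], $clients, $dummyHash);
$plain = apiAuthFilter(['REQUEST_URI' => '/api/data', 'HTTPS' => 'off',
    'PHP_AUTH_USER' => 'client-a', 'PHP_AUTH_PW' => 'client-a-secret'], $clients, $dummyHash);
$wrong = apiAuthFilter(['REQUEST_URI' => '/api/data', 'HTTPS' => 'on',
    'PHP_AUTH_USER' => 'client-b', 'PHP_AUTH_PW' => 'wrong'], $clients, $dummyHash);
assert($good['status'] === 200 && $good['dataset'] === 'orders');
assert($plain['status'] === 403 && $wrong['status'] === 401);
```

In a real front controller you would call `apiAuthFilter($_SERVER, $clients, $dummyHash)` before any route handler and send the returned status and headers with `http_response_code()` and `header()`.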

After some more googling and research I found the answer to my question:

The scenario I explained is an example of 2-legged OAuth (one can find many articles about 2-legged and 3-legged OAuth).

Also, OAuth is not difficult to implement; in fact, for a developer with good knowledge of APIs and auth systems it's very easy.

Here's a link to a very good PHP OAuth library with example code: http://code.google.com/p/oauth-php/
