User registration in REST API

Question

User registration in REST API

I have a PHP web application that I want to make available to multiple clients. So I'm trying to make it look more like an API. My question is: how can I handle creating new users using the API? If I have a URL like http://example.com/user/signup that accepts new user data and creates a new user through a POST request, is it not a problem that people can abuse it and easily create fake users?

+4

php web-services restful-authentication

Bhakta nall Mar 14 '11 at 7:40

source share

2 answers

n00b · Answer 1 · 2011-03-14T08:06:03+0000

I would recommend only allowing an open identifier in the API, as it would be difficult to implement bot prevention schemes in it (captcha ...)

In any case, even an open id isint, which is a great idea in the API. Are you sure you need registration accessible through the API?

Bigomega · Answer 2 · 2011-06-08T13:33:07+0000

What you need to do is use something like OAuth to authenticate access to your system from registered "applications". Customers can then register for access and receive a token key and secret. They can then use these things to create an access token request. Both parties sign a token using a secret, and then can use an encrypted access token to access the API. Your server checks the incoming token using a secret that only you and authorized clients can have. Now it is safe.

User registration in REST API

More articles: