How to use the key and secret for verification?

Question

How to use the key and secret for verification?

In most APIs such as facebook and bebo, in order to use the API there, you have to get the key and the secret, I'm just wondering what good methods such a system does. I will use PHP / MysQL.

How can I verify that the user key and secret are ok when the application sends an API request? I was thinking about storing them in mysql, and I will keep them there no matter what, but I was wondering if there is any other method that is better for the validation process, instead of hitting the database every time hit API?

+1

api php key

Jasondavis Jan 2 '09 at 16:33

source share

3 answers

Download the auto info in memcached and you save the entries in db.

0

NA. Jan 2 '09 at 16:44

source share

you need to save the key / secret combo somewhere. I think its impossible to not have a db hit unless you use some kind of caching like memcached.

with respect to the key / secret implementation, the public / private key command is used in several places. you encrypt the data using the private key, and then send it to where it is decrypted using the public key (or vice versa). I think the openssl package has this functionality.

http://php.net/manual/en/book.openssl.php

-d

0

dw. Jan 2 '09 at 16:57

source share

Sampson · Accepted Answer · 2010-01-02T16:34:53+0000

If the key is an encrypted form of the domain and the secret they use, you will not need to hit db to verify them.

if ($key != encrypt($domain . $secret)) // die

How to use the key and secret for verification?

More articles: