All geek questions in one place

Authentication / Security RESTful API

I am developing a RESTful API for my python GAE application, and now I am trying to find the best way to protect this API. I have my own membership / authentication mechanism in this application.

What is the best way to do this?

  • with pairs of public / private keys
  • becomes an OAuth provider.
  • HTTP authentication (seems to me very weak)
  • other??
+4
source share
2 answers

Cancel HTTP authentication first. It is not recommended in the true REST API, as it is in cookies.

I would go with Oat. There is a library called appengine_oauth_provider that can help you get started implementing your own provider.

+2
source

You can use your Google account to authenticate users. However, people can still register an account and use your API, and, of course, your engine counter will grow. They simply represent the Google Cloud endpoints in Google I / O 2012. You will have a client identifier that will only be used in your client application (Android, iOS).

Google I / O 2012 - Creating Android Applications That Use the Web API with Yaniv Inbar and Sriram Saruop

Google I / O 2012 - Creating Mobile Applications for Mobile Applications for Android, iOS and the Internet

If you are interested, you should try to register in a trusted test on

http://endpoints-trusted-tester.appspot.com/

+2
source

Source: https://habr.com/ru/post/1436646/

More articles:


All Articles