What is the best way to handle API authentication for users (especially for mobile devices)

We want to create an API for our site. One of the main ways to use the API (I suspect) will be to provide users with the ability to create mobile applications (for the iPhone and, hopefully, other devices).

What is the best way to handle API authentication for users? As a rule, I don’t like to encourage our users to share their user / email / password data with third parties. However, is OAuth acceptable / mature enough to work with mobile devices? The only people using OAuth for mobile apps apparently were Pownce, who seemed to have problems with the user, and anyway I no longer need to see how they dealt with this problem.

(Our user base is very non-technical, so I would expect 1% of them to have ever dealt with OAuth)

The selection is as follows:

  • Ignore the problem with third parties and passwords
  • Get developers to implement OAuth integration
  • Try using something unfriendly (for example, using a secret key, not a password)

Did I miss something?

1 answer

I don’t think I fully understand your question. What do you mean by "handling user authentication APIs"? Do you want users to authenticate before using your API? Or something else?

One thought, and it’s true, I think, for any mobile platform. If you have an API that will work through a browser, then any mobile application at the first start after loading should be able to launch a browser (all mobile platforms allow this) and perform any type of one-time authentication.


Source: https://habr.com/ru/post/1734408/
