I am looking for RESTful API design suggestions. I read a lot about REST API schemes, authentication / authorization methods, etc. I cannot decide if I really need to use the API keys. From what I understand, using API keys is useful if you want to control usage, limit every application request and statistics.
I want to avoid the need to create additional web interfaces for adding / managing / removing applications and adding / removing application administrators. There may be an easier way to distribute the API key. Or do I really need this? I mean, monitoring and restricting usage is great and sounds useful, but it deserves the other things I need to distribute the keys.
To be more specific, my site is similar to slide shows and scribd. I want to give the API access to its functions, such as adding and managing documents and getting user information. For example, to upload a file, you need to authenticate somehow and use a specific account for this. In this case, an API key is required, or can I just stick with user authentication?
So, what do you think is the best way for me to handle API keys? Or should I use them at all? Is there a smarter way to distribute (create, delete) keys?
Thanks in advance:)
source
share