I want to create a flexible REST API server. I will allow customers to authenticate using HTTP or an API key.
My question is: what is the correct way to add the API key to a GET request? My problem is that the API key pollutes the URL.
I imagine something like this: /book/1/apikey/s4cr4t!

In my opinion, you should only use the Authorization header.
Putting it in the URL is a bad idea because:
a) Just as you said, it pollutes the URL.
b) If you go to SSL for security, the API will still be displayed in log files.
c) Caches will end up creating more than one copy of the same presentation, one for each API key.
For more information about making your own authorization plan
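
An added example, not part of the original answer: a header-based key check next to the URL style from the question, showing what ends up in an access log and in a URL-keyed cache for each. The `ApiKey` scheme name, the key table and all function names are assumptions made for illustration.

```python
import hmac

# Constructed sample data: keys and client names are made up for this example.
API_KEYS = {"s4cr4t": "client-a", "0th3rk3y": "client-b"}
SCHEME = "ApiKey"  # assumed custom scheme name, not a registered HTTP auth scheme


def authenticate(headers):
    """Return the client for a valid 'Authorization: ApiKey <key>' header, else None."""
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != SCHEME.lower() or not presented:
        return None
    client = None
    for key, owner in API_KEYS.items():
        # Constant-time compare, and no early exit, so timing does not leak a match.
        if hmac.compare_digest(key.encode(), presented.strip().encode()):
            client = owner
    return client


def serve(method, path, headers, log, cache):
    """Handle one request: log the request line, authenticate, cache by (method, path)."""
    log.append(f'"{method} {path} HTTP/1.1"')  # typical access logs record the request line
    client = authenticate(headers)
    if client is None:
        return 401, None
    cache.setdefault((method, path), f"resource at {path}")
    return 200, client


def key_in_header_effects():
    """Every client requests /book/1 with its key in the Authorization header."""
    log, cache = [], {}
    results = [serve("GET", "/book/1", {"Authorization": f"{SCHEME} {key}"}, log, cache)
               for key in API_KEYS]
    return log, cache, results


def key_in_url_effects():
    """The URL style from the question: same resource, key as a path segment."""
    log, cache = [], {}
    for key in API_KEYS:
        path = f"/book/1/apikey/{key}"
        log.append(f'"GET {path} HTTP/1.1"')
        cache.setdefault(("GET", path), "resource at /book/1")
    return log, cache
```

With the key in the header, both clients share one cache entry and the log lines carry no key; with the key in the path, the log holds every key and the cache holds one copy per key.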