Best way to implement public access token - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5) +--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24) +--- Thread: Best way to implement public access token (/showthread.php?tid=80364) |
Best way to implement public access token - jtsimon - 10-23-2021 Hello CodeIgniters! I am just getting started on my journey using CodeIgniter. So far, I LOVE it! I am creating a RESTful API. This is the first RESTful API I have ever created so I am new to that as well. I will have 2 websites.
I need to make sure that API requests are made only by registered clients. I was thinking that in the main website database I can store the username, password, email, and a public API key (to link it to their account). In the API database, I can store the username and the public API key so that it's accessible for verification. The main website can make a call to the API to insert the username and API key that is linked to the account on the main website. Is this the best way to do this? If so, how can I verify a valid API key is supplied in the request? Should I make it part of the JSON get/post request that is sent to the API then before processing the request, make sure the API key is valid? I'm open to any suggestions or different implementation ideas. RE: Best way to implement public access token - InsiteFX - 10-24-2021 You can read this article should help you out. PHP cURL API calls with authentication (REST GET POST) RE: Best way to implement public access token - paliz - 10-24-2021 best way is jwt token RE: Best way to implement public access token - jtsimon - 10-24-2021 (10-24-2021, 09:27 AM)paliz Wrote: best way isĀ jwt token Is there a way to use JWT in that way? Where the user doesn't have to "login," but just supplies an access token? |