REST GET requests, verbs and apikey

I want to create a flexible API support server. I will allow clients to authenticate using HTTP or APIKEY.

My question is: what is the correct way to add apikey to a GET request? My problem is that apikey is polluting the url.

I present something like this: /book/1/apikey/s4cr4t!

+3
3 answers

In my opinion, you should use only the authorization header. This is what it is for.

Putting it in a url is a bad idea because:

a), , URL-
 ) SSL , API
 c) , api.

.

+11

Authorization:

GET http://domain.com:/book/1
Authorization: apikey="s4cr4t"
+4
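
A server-side check that follows the two answers above, as an added example that is not part of the original posts: it accepts the key only in the Authorization header form shown above and refuses requests that carry it in the URL, as in the question's /book/1/apikey/... layout. The function names, the `VALID_KEYS` store and the status details are assumptions made for illustration.

```python
import hmac
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample key store; a real server would keep hashed keys in a database.
VALID_KEYS = {"s4cr4t": "client-a"}

# Matches the header form shown in the answer: Authorization: apikey="s4cr4t"
_HEADER_RE = re.compile(r'^apikey="([^"]+)"$', re.IGNORECASE)


def key_in_url(url):
    """Return True if the URL carries an apikey in its path or query string."""
    parts = urlsplit(url)
    segments = [s.lower() for s in parts.path.split("/") if s]
    query_names = parse_qs(parts.query, keep_blank_values=True)
    return "apikey" in segments or any(k.lower() == "apikey" for k in query_names)


def client_for_key(presented):
    """Look up the client for a key, comparing every candidate in constant time."""
    match = None
    for key, client in VALID_KEYS.items():
        if hmac.compare_digest(key.encode(), presented.encode()):
            match = client
    return match


def authenticate(url, headers):
    """Return (status, detail) for a GET request given as a URL and a header dict."""
    if key_in_url(url):
        # Refuse outright so clients never come to rely on URL-borne keys,
        # which end up in access logs, browser history and Referer headers.
        return 400, "apikey must be sent in the Authorization header"
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    m = _HEADER_RE.match(value.strip())
    if not m:
        return 401, "missing or malformed Authorization header"
    client = client_for_key(m.group(1))
    if client is None:
        return 401, "unknown apikey"
    return 200, client
```
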

, , :

, . (: - ). , "" REST : , . , , . , /, API .

, :

HTTP-

. , , Basic Auth. , , SSL. , .

cookie. cookie , , " " ( : , "-" ). , PUT (+ info) 200 OK POST (+ info) 201 Created and Location:/sessions/123334. , , IP- , api ..

, Api-Key: XXXX. . Set-Cookie - " " , . (PUT + POST) ( ).

, . // .

API RESTful . . HATEOAS . , .

Do not encode any data in a URI. (Out-of-band information)

+2