当前位置: 动力学知识库 > 问答 > 编程问答 >

rest - Developing a Service with API Keys (starting point)

问题描述:

Looked on google and couldn't find anything.

Any good resources to get started designing my backend for a RESTless webapp thats going to rely heavily on API keys.

I know how to write restless webservices etc, just never used API-keys. Generally do people just generate guids for users etc?

网友答案:

GUID's are typically not "random" enough and can be easily guessed by the bad-guys.

Take some "random" data like the user's password hash, some random numbers and run the result through sha1 or a similar hash function.

If you want one API key per account, simply add it to the account metadata table. Otherwise use a table linked to the accountIds to store the api keys.

Server side use a cache using the api-key as the key to store temporarily the account metadata so you only need to go to the db once per session.

And of course everything must go over https to avoid that the API key be stolen.

Now if your service is "session" oriented you can consider using a temporary session key so you do not need to expose the API key. Look for public key encryption to investigate this further.

网友答案:

Here's how I'm creating API keys for a web service:

string CreateApiKey(int length)
{
    var bytes = new byte[length * 2];   
    using (var rng = new RNGCryptoServiceProvider()) 
        rng.GetBytes(bytes);
    var chars = Convert.ToBase64String(bytes)
        .Where(char.IsLetterOrDigit)
        .Take(length)
        .ToArray();
    var key = new String(chars);
    return key;
}
分享给朋友:
您可能感兴趣的文章:
随机阅读: