php - Authenticating users for write-access via an API


I'm building an API for my site and I'm faced with a problem. I want my users to be able to "log in" to their account using the API, but my site doesn't utilize a username/password system, it uses Twitter's API and a cookie/session for authentication. I'm trying to think of the best way to allow users to post data using the API without compromising security. Basically I need a way to make sure that the user is who they say they are from within the application.

One idea I was thinking of was to have the user create a password which they would use to "log in" through a method in the API. Sending the proper credentials (Twitter username and their selected password) to this method would return a token which would be associated with their account. To go even further, I could set the token (essentially an API key) as inactive initially and have the API also return a secret code which would also be associated with the user's account. The user would then have to log into their profile on the site and enter the secret code, which would activate their token and allow them to post using the API.

I want to make it simple for the user, but I don't want to potentially compromise other users' security. Can anyone suggest a better way of doing something like this, or let me know if the way I've suggested would be a good way of doing it?


Answer

Solution:

Authentication/authorization, IMO, is a separate application layer you need to create. It's commonly called an ACL.

Related to your issue, I suggest you either use an OAuth implementation or some form of HTTP authentication for that.
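The following is an added example, not code from the question or the answer: it implements the scheme the question proposes (an API password that issues an initially inactive token plus a one-time activation code, which the user enters from their Twitter-backed web session) and then checks that token the way the answer suggests, as HTTP bearer authentication on write requests. The user record, the in-memory token table, the handle `alice` and the password are all constructed here; a real site would keep the two arrays in database tables and would rate-limit the login call.

```php
<?php
// Added example, not part of the original page. PHP 8: an API password
// issues an inactive bearer token plus an activation code; the user
// activates it from the web session; writes carry "Authorization: Bearer".
declare(strict_types=1);

// Constructed user record: Twitter handle -> bcrypt hash of the API password.
// (The API password is separate from Twitter; the site never sees that one.)
$users = [
    'alice' => ['api_password_hash' => password_hash('correct horse battery', PASSWORD_DEFAULT)],
];

// Token table keyed by sha256(token). Only hashes of the token and of the
// activation code are stored, so a leaked table yields nothing usable.
$tokens = [];

// Step 1 (API): exchange Twitter handle + API password for an inactive token.
function apiLogin(array $users, array &$tokens, string $handle, string $password): ?array
{
    // Verify against a dummy hash for unknown handles so response time does
    // not reveal which accounts exist. Rate-limit this endpoint in production.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $hash = $users[$handle]['api_password_hash'] ?? $dummy;
    if (!isset($users[$handle]) || !password_verify($password, $hash)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));   // 256-bit bearer token, shown once
    $code  = bin2hex(random_bytes(4));    // activation code, shown once
    $tokens[hash('sha256', $token)] = [
        'handle'    => $handle,
        'code_hash' => hash('sha256', $code),
        'active'    => false,
        'issued_at' => time(),
    ];
    return ['token' => $token, 'activation_code' => $code];
}

// Step 2 (web site): the browser session is already authenticated via
// Twitter, so $sessionHandle is trusted. A session may only activate its
// own pending tokens, and each code works once.
function activateToken(array &$tokens, string $sessionHandle, string $code): bool
{
    $codeHash = hash('sha256', $code);
    foreach ($tokens as $key => $row) {
        if ($row['handle'] === $sessionHandle && !$row['active']
            && hash_equals($row['code_hash'], $codeHash)) {
            $tokens[$key]['active']    = true;
            $tokens[$key]['code_hash'] = '';   // burn the code
            return true;
        }
    }
    return false;
}

// Step 3 (API write endpoint): map "Authorization: Bearer <token>" to a
// handle, or null if the token is unknown, malformed or not yet activated.
function authenticateRequest(array $tokens, array $headers): ?string
{
    $auth = $headers['Authorization'] ?? '';
    if (!preg_match('/^Bearer\s+([0-9a-fA-F]{64})$/', $auth, $m)) {
        return null;
    }
    $row = $tokens[hash('sha256', strtolower($m[1]))] ?? null;
    if ($row === null || !$row['active']) {
        return null;
    }
    return $row['handle'];
}

function expect(bool $ok, string $what): void
{
    echo ($ok ? 'ok   ' : 'FAIL ') . $what . PHP_EOL;
}

// Walk the flow end to end with the constructed data.
expect(apiLogin($users, $tokens, 'alice', 'wrong') === null, 'bad API password rejected');
$issued  = apiLogin($users, $tokens, 'alice', 'correct horse battery');
expect($issued !== null, 'login issues token and activation code');
$headers = ['Authorization' => 'Bearer ' . $issued['token']];
expect(authenticateRequest($tokens, $headers) === null, 'inactive token cannot write');
expect(!activateToken($tokens, 'mallory', $issued['activation_code']), 'other session cannot activate');
expect(activateToken($tokens, 'alice', $issued['activation_code']), 'owner activates from web session');
expect(!activateToken($tokens, 'alice', $issued['activation_code']), 'code is single use');
expect(authenticateRequest($tokens, $headers) === 'alice', 'active token identifies alice');
expect(authenticateRequest($tokens, ['Authorization' => 'Bearer ' . str_repeat('0', 64)]) === null, 'unknown token rejected');
```

Run it with `php example.php`; every line should print `ok`. The token must only ever travel over HTTPS, since anyone holding it can write as that user; the same applies to the activation code, which is why both are shown exactly once and stored only as hashes. The activation step is what ties the API key to a session that Twitter has already verified, so a stolen API password alone is not enough to post.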
