Best way to generate API key

 
Ranch Hand
Posts: 210
Eclipse IDE Java Linux
Hi All,

Currently we have a web application, and we want to extend the same for mobile, so we are planning to use a token to validate users to access APIs. What is the best way to do it? I thought of using a UUID generated based on user name. Is it the right approach? How about using OAuth? Could someone suggest?

Thanks,
Ramesh
 
Bartender
Posts: 10780
71
Hibernate Eclipse IDE Ubuntu

ramesh maredu wrote: Currently we have a web application, and we want to extend the same for mobile, so we are planning to use a token to validate users to access APIs. What is the best way to do it? I thought of using a UUID generated based on user name. Is it the right approach? How about using OAuth? Could someone suggest?


Well the main token-based security system that I know of is Kerberos (although it's been a while since I was in that line of business). What do you currently use, and why don't you think it would be any good for a mobile? I presume that any user is still going to have to enter a name/password somehow.

Winston
 
ramesh maredu
Ranch Hand
Posts: 210
Eclipse IDE Java Linux
Currently we have a web application built using Struts 2. When a user enters his credentials, we fetch the user information and save it in the session for further reference. Here cookies are used for session management; to continue using the same without any changes, a cookie has to be set in the mobile app every time they invoke the Struts 2 API, which returns a JSON response.

Well, the actual idea is to use a RESTful API rather than invoking the web URL directly to get the response in JSON format, so the same API can be used by the web UI and the mobile app. To check the API invoker's identity, I thought of using an API key which is a UUID generated from his username and password.
 
Greenhorn
Posts: 16
  • Likes 1
I would use a completely random hex code. I would seriously avoid hashing the username & password; that leaves all your users vulnerable to a dictionary attack.
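
The random key suggested in the last reply, set beside the credential-derived UUID from the question, as an added example that is not code from any poster in this thread. It assumes Java 17+ (for `HexFormat`); the class name `ApiKeyDemo`, the in-memory `KEY_HASHES` store, and keeping only a SHA-256 hash of each key server-side are illustrative choices the thread does not specify.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HexFormat;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

public class ApiKeyDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Hypothetical in-memory store: user name -> SHA-256 of the issued key.
    private static final Map<String, byte[]> KEY_HASHES = new ConcurrentHashMap<>();

    // The approach the reply warns against: a name-based UUID is a pure
    // function of the credentials, so the same input always gives the same key.
    static String derivedKey(String user, String password) {
        byte[] seed = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return UUID.nameUUIDFromBytes(seed).toString();
    }

    // The suggested approach: 32 bytes from a CSPRNG, hex-encoded.
    static String issueKey(String user) throws NoSuchAlgorithmException {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String key = HexFormat.of().formatHex(raw);
        KEY_HASHES.put(user, sha256(key)); // keep only the hash server-side
        return key;                        // handed to the client once
    }

    static boolean verify(String user, String presented) throws NoSuchAlgorithmException {
        byte[] expected = KEY_HASHES.get(user);
        // MessageDigest.isEqual compares the two digests in constant time.
        return expected != null && MessageDigest.isEqual(expected, sha256(presented));
    }

    private static byte[] sha256(String s) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample credentials; the derived key repeats for equal input.
        System.out.println(derivedKey("alice", "secret").equals(derivedKey("alice", "secret")));
        String k1 = issueKey("alice");
        System.out.println(verify("alice", k1)); // the current key is accepted
        String k2 = issueKey("alice");           // rotation needs no password change
        System.out.println(!k1.equals(k2) && !verify("alice", k1) && verify("alice", k2));
    }
}
```

Because the random key has no relationship to the password, a leaked key can be revoked and reissued on its own, and a leaked key store reveals nothing about user credentials.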
 