Forums Register Login

Best way to generate API key

+Pie Number of slices to send: Send
Hi All,

Currently we have a web application, we want to extend the same for mobile, so we are planning to use a token to validate users to access API's, what is the best way to do it, I thought of using UUID generated based on user name, is it the right approach, how about using Oauth, could someone suggest.

Thanks,
Ramesh
+Pie Number of slices to send: Send
 

ramesh maredu wrote:Currently we have a web application, we want to extend the same for mobile, so we are planning to use a token to validate users to access API's, what is the best way to do it, I thought of using UUID generated based on user name, is it the right approach, how about using Oauth, could someone suggest.


Well the main token-based security system that I know of is Kerberos (although it's been a while since I was in that line of business). What do you currently use, and why don't you think it would be any good for a mobile? I presume that any user is still going to have to enter a name/password somehow.

Winston
+Pie Number of slices to send: Send
Currently we have web application built using struts 2, when user enters his credentials we fetch user information save it in session for further reference. Here cookies are used for session management, to continue using the same without any changes, cookie has to be set in mobile app every time when they invoke struts2 API which returns JSON response.

Well actual idea is to use RESTful API rather invoking web URL directly to get the response in JSON format, so same API can be used by web UI and mobile app, to check for API invoker identity I thought of using API key which is a UUID generated from his username and password.
1
+Pie Number of slices to send: Send
I would use a completely random hex code. I would seriously avoid
hashing
the username & password, that leaves all your users vunerable to a
dictionary attack.
I found a beautiful pie. And a tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com


reply
reply
This thread has been viewed 2931 times.
Similar Threads
Reading Win32 Registy
Best Way to encrypt a password
String array to arraylist
Best way to send error page in Jsp
regading Error Page
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 18, 2024 21:53:00.