我放在一起读，写的方法来我的数据库，并通过URL揭露他们（我用codeIgniter框架，并使用URL段参数传递给这些方法）。最初的想法是让我的Ajax脚本中调用这些方法。不过，现在我想我可能会暴露这些方法的任何开发者。

I'm putting together read and write methods to my database and exposing them via URL (I'm using CodeIgniter framework and using URL segments to pass parameters to these methods). The original idea was to have my Ajax script call these methods. However, now I am thinking I could potentially expose these methods to any developer.

我应该怎么做，以确保只有经过授权的开发者使用我的API？我想，他们应该通过一个API密钥和密码可能每个方法调用。如果我是为他们提供这样的细节，这样够安全吗？

What should I do to make sure only authorized developers use my API? I'm thinking they should pass an API key and possibly password to each method call. If I were to provide them with such details, would that be secure enough?

另外，我在想，我应该支持而不是GET POST一些必要的参数可能不适合很好地与URL段。思考？

Also, I'm thinking that I should support POST instead of GET as some of the required parameters may not fit in nicely with URL segments. Thoughts?

推荐答案

实施OAuth的的http：//的OAuth .NET /文档/入门开工/ 将为你想做什么工作。我不能确定是什么类型的数据你保护的，但我同意TradyBlix这可能是最好的。我以前就实现了它，这不是太很难搞清楚，它是有据可查的有很多的API，处理利用它的用户数据。

Implementing OAuth http://oauth.net/documentation/getting-started/ would work for what you're trying to do. I'm not certain of what type of data you're securing, but I agree with TradyBlix this probably best. I've implemented it before, it's not too hard to figure out, it's well documented with many APIs that handle user-data utilizing it.

你应该想想是限制API密钥到域，因此开发人员只能使用自己的API密钥来自另一件事自己的域名，基本上是preventing获得访问权，未经授权的开发者至少在没有获得一个授权访问域名和对应的按键。

Another thing you should think about is limiting API Keys to domains, so a developer can only use their API key from their own domain-essentially preventing an unauthorized developer from gaining access, at least without gaining access to an authorized domain and corresponding key.