API Best Practices Blog
RESTful API Design: authentication
This time, in this series about pragmatic RESTful API Design, I'll discuss authentication.
There are many schools of thought - my colleagues at Apigee and I don't always agree on how to handle authentication - but overall here's my take.
Let's look at three top services and see how each of them handles authentication differently:
PayPal: Permissions Service API
OAuth 2.0
OAuth 1.0a
Note that PayPal's proprietary three-legged permissions API was in place long before OAuth was conceived.
What should you do?
Use the latest and greatest OAuth, which is OAuth 2.0 as of this writing.
Don't do something *like* OAuth, but different.
It will be frustrating to app developers if they can't use a standard OAuth library in their language because of your variation.
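As an added example (not code from the post or from Apigee), here is what "use standard OAuth 2.0" looks like from the app developer's side: the three client-side steps of the authorization-code flow as RFC 6749 and RFC 6750 define them, with a spec-shaped token response next to a home-grown variant that a stock OAuth library would reject. The endpoint URLs, client id and token values are constructed placeholders.

```python
"""Client-side pieces of the OAuth 2.0 authorization-code flow (RFC 6749 / RFC 6750)."""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs


class OAuthError(ValueError):
    """Raised when the other side departs from the spec or the exchange is unsafe."""


def build_authorization_url(authorize_endpoint, client_id, redirect_uri, scope):
    """Step 1: send the user to the authorization server. Returns (url, state).
    The caller stores `state` in the user's session and checks it on callback."""
    state = secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return f"{authorize_endpoint}?{urlencode(params)}", state


def parse_callback(callback_url, expected_state):
    """Step 2: pull the code out of the redirect back to the app, rejecting a
    mismatched state (the standard CSRF check) or an error response."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise OAuthError("state mismatch: callback is not tied to this session")
    if "error" in qs:
        raise OAuthError(f"authorization server returned error {qs['error'][0]!r}")
    code = qs.get("code", [None])[0]
    if not code:
        raise OAuthError("no authorization code in callback")
    return code


def parse_token_response(body):
    """Step 3: a spec-shaped token response (RFC 6749 section 5.1) carries
    `access_token` and `token_type`; build the Bearer header (RFC 6750) from it.
    Renamed keys or a different token type are exactly the 'like OAuth, but
    different' variation that breaks every off-the-shelf client library."""
    token, token_type = body.get("access_token"), body.get("token_type")
    if not token or not token_type:
        raise OAuthError(f"non-standard token response, keys: {sorted(body)}")
    if token_type.lower() != "bearer":
        raise OAuthError(f"unsupported token_type {token_type!r}")
    return {"Authorization": f"Bearer {token}"}


# Constructed sample responses (placeholder values, not from any real provider).
STANDARD_RESPONSE = {"access_token": "constructed-token-value", "token_type": "Bearer", "expires_in": 3600}
VARIANT_RESPONSE = {"accessToken": "constructed-token-value", "type": "bearer"}
```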
Next time: Versions - how many? Meanwhile, I'd love to hear from you over on the API Craft Google Group.