Exposing Private REST API to other resources

I have a number of APIs which return certain reusable data for different resources, companies, or possibly for any other.

How do I expose them with security, so that they can be accessed only with an API key or a certain token, like Google or Facebook expose theirs?

I would love to hear your suggestions and corrections if I am wrong.

1 answer

  • answered 2018-01-13 17:37 Mike Tung

    Without knowing the details of your setup, for security, the behavior you are describing sounds like the OAuth 2.0 protocol.

    On a very high level, what you want to do is sign up your applications with an Authentication Provider (Facebook/Google/etc.) and follow their API documentation. You essentially want to send the user of your API to the provider to log in there, and when they come back they bring you some client details that your API/app will then use to tell the provider that you (the app/API) want to request these pieces of data from the user who logged in.

    What you do after that is record the user data and use whatever Authorization protocol you want (say user can do X or Y, roles, etc).

    Hope this is helpful.
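
One way to gate endpoints with per-client keys, as the question asks. This is an added example, not code from the question or the answer; `ApiKeyStore`, `authorize`, the client name and the scope names are hypothetical. It covers only the key/bearer-token check on your own API, not the OAuth 2.0 login flow the answer describes.

```python
import hashlib
import secrets


class ApiKeyStore:
    """In-memory store (hypothetical). Only SHA-256 digests of keys are kept,
    so a leaked store does not reveal usable keys."""

    def __init__(self):
        self._records = {}  # hex digest -> {"client": str, "scopes": frozenset}

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, client, scopes):
        # 32 random bytes: high entropy, so a plain (unsalted) hash is adequate.
        key = secrets.token_urlsafe(32)
        self._records[self._digest(key)] = {
            "client": client,
            "scopes": frozenset(scopes),
        }
        return key  # shown to the client once, never stored in clear

    def revoke(self, key):
        self._records.pop(self._digest(key), None)

    def lookup(self, key):
        # Lookup is by digest, so the raw key is never compared byte by byte.
        return self._records.get(self._digest(key))


def authorize(store, headers, required_scope):
    """Return (http_status, detail) for a request's headers."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, "missing or malformed credentials"
    record = store.lookup(token.strip())
    if record is None:
        return 401, "unknown or revoked key"
    if required_scope not in record["scopes"]:
        return 403, "key lacks required scope"
    return 200, record["client"]
```

Keys sent this way are only as safe as the transport, so serve the API over HTTPS only.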